تم تعطيل الجافا سكربت. للحصول على تجربة أفضل، الرجاء تمكين الجافا سكربت في المتصفح الخاص بك قبل المتابعة.

مشكله جابت لي المرض regedit.sys

بادئ الموضوع الـذيـب
تاريخ البدء 7 يونيو 2009
2,604

ا

الـذيـب

زيزوومي جديد

غير متصل

7 يونيو 2009

#1

يا ناس سعدوني ..,
كلم اضغط على بعض البرامج تجيني هذا الرساله ..,
c\\windows\system32\regedit.sys
شنو الحل ..,:er:

ترتيب حسب التاريخ ترتيب حسب الأصوات

MAAX

عضوشرف

غير متصل

7 يونيو 2009

#2

الله يحييك اخوي
حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log
لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

التعديل الأخير بواسطة المشرف: 12 مايو 2014

تأييد 0

ا

الـذيـب

زيزوومي جديد

غير متصل

7 يونيو 2009

#3

تفضل

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15:23 م, on 07/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\Ktp.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [.: H A C K E R :.] C:\Documents and Settings\اسلوبي مجننهم\Application Data\Bifrost.exe
O4 - HKLM\..\Run: [abomehil] C:\WINDOWS\system32\abomehil\abomehil.exe
O4 - HKLM\..\Run: [setup] C:\setup\setup.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [abomehil] C:\WINDOWS\system32\abomehil\abomehil.exe
O4 - HKCU\..\Run: [setup] C:\setup\setup.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} (IMS_Conference Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{F79CC0FA-14C4-4C15-9753-0CC44769C790}: NameServer = 1.254.6.2 1.254.6.3
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
--
End of file - 6176 bytes

تأييد 0

K

kemo_2009

زيزوومى مميز

غير متصل

7 يونيو 2009

#4

التقرير سليم بس
بعدها

عطل جميع برامج الحماية ,,
وحمل هذه الاداة واحفظها على سطح المكتب

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

عطل برنامج الحمايه واستخدم اداة SmitfraudFix

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

قم بتشغيل الملف SmitfraudFix.exe ,, وتابع الشرح كماا بهذه الصور

ثم قم بعمل تقرير هايجاك جديد

تأييد 0

ا

الـذيـب

زيزوومي جديد

غير متصل

7 يونيو 2009

#5

البرنامج الاول هذا التقررير ..,
ComboFix 09-06-04.A1 - اسلوبي مجننهم 06/07/2009 21:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1025.18.1270.792 [GMT 3:00]
Running from: c:\documents and settings\اسلوبي مجننهم\My Documents\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\اسلوبي مجننهم\Application Data\addons.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\Bifrost
c:\windows\system32\Bifrost\logg.dat
c:\windows\system32\Computers
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
---- Previous Run -------
.
c:\documents and settings\اسلوبي مجننهم\Application Data\addon.dat
c:\program files\Bifrost
c:\windows\system32\Computers
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.
2009-06-07 17:47 . 2009-06-07 17:47 -------- d-----w- c:\program files\Pic2Ico
2009-06-07 17:15 . 2009-06-07 17:15 -------- d-----w- c:\program files\Trend Micro
2009-06-07 17:10 . 2009-06-07 17:12 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Application Data\IconChanger
2009-06-07 17:08 . 2009-06-07 17:12 -------- d-----w- c:\program files\IconChanger
2009-06-07 16:53 . 2009-06-07 16:53 -------- d-----w- c:\program files\LtUcx
2009-06-07 12:26 . 2009-06-07 12:26 -------- d-----w- c:\windows\ShellNew
2009-06-07 12:26 . 2009-06-07 12:26 -------- d-----w- c:\program files\AutoIt3
2009-06-07 11:52 . 2009-06-07 12:33 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Application Data\X-NetStat
2009-06-07 11:52 . 2009-06-07 11:52 -------- d-----w- c:\program files\X-NetStat Professional
2009-06-07 02:09 . 2009-06-07 02:09 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Application Data\Pic2Pic
2009-06-07 02:09 . 2009-06-07 02:09 -------- d-----w- c:\program files\Pic2Pic
2009-06-07 01:35 . 2009-06-07 01:43 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Application Data\Resource Tuner
2009-06-07 01:17 . 2009-06-07 01:35 -------- d-----w- c:\program files\Resource Tuner
2009-06-07 00:03 . 2009-06-07 00:03 -------- d-----w- c:\program files\TeamViewer
2009-06-06 23:11 . 2009-06-07 12:40 -------- d-----w- C:\setup
2009-06-06 22:50 . 2009-06-06 23:17 -------- d-----w- c:\program files\Computers
2009-06-06 22:50 . 2009-04-24 09:27 106506 ----a-w- c:\program files\stub.exe
2009-06-06 22:50 . 2008-12-14 14:41 1466368 ----a-w- c:\program files\Bifrost.exe
2009-06-06 10:10 . 2009-06-06 11:51 -------- d-sh--r- c:\windows\system32\abomehil
2009-06-06 09:57 . 2009-06-06 09:57 0 ----a-w- c:\windows\nsreg.dat
2009-06-06 09:57 . 2009-06-06 09:57 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Local Settings\Application Data\Mozilla
2009-06-05 17:39 . 1997-12-27 03:47 36864 ----a-r- c:\windows\chgtype.exe
2009-06-05 12:16 . 2009-06-06 22:32 20801 --sha-w- c:\windows\system\klog.dat
2009-06-05 10:51 . 2009-06-06 23:59 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Application Data\TeamViewer
2009-06-05 10:51 . 2009-06-07 00:03 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\temp
2009-06-05 10:20 . 2009-06-05 10:20 -------- d-----w- c:\program files\No-IP
2009-06-05 01:10 . 2004-08-04 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-05 00:23 . 2009-06-05 00:32 2878212 ----a-w- c:\documents and settings\اسلوبي مجننهم\Application Data\IDM\DwnlData\اسلوبي مجننهم\City_Racing_94\City_Racing.exe
2009-06-05 00:23 . 2009-06-05 00:23 198064 ----a-w- c:\documents and settings\اسلوبي مجننهم\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-06-04 16:38 . 2009-06-07 18:43 -------- d-----w- c:\windows\system32\Lang
2009-06-04 10:31 . 2001-09-18 10:44 117760 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2009-06-04 10:31 . 2001-09-18 10:44 117760 ----a-w- c:\windows\system32\drivers\e100b325.sys
2009-06-04 10:27 . 2009-06-04 10:27 12800 ----a-w- c:\documents and settings\اسلوبي مجننهم\Application Data\Thinstall\WinTools.net 9.3.0 Professional\300000001700002i\OSE.EXE
2009-06-04 10:27 . 2009-06-04 10:27 12800 ----a-w- c:\documents and settings\اسلوبي مجننهم\Application Data\Thinstall\WinTools.net 9.3.0 Professional\10000001200002i\cleanmgr.exe
2009-06-04 00:45 . 2009-06-05 20:39 -------- d-----w- C:\Fraps
2009-06-04 00:28 . 2004-12-28 07:01 73728 ----a-r- c:\windows\system32\sm56co.dll
2009-06-04 00:28 . 2009-06-04 00:28 -------- d-----w- c:\windows\Motorola
2009-06-04 00:28 . 2005-01-10 08:11 838930 ----a-r- c:\windows\system32\drivers\smserial.sys
2009-06-04 00:28 . 2004-11-01 11:12 65536 ----a-r- c:\windows\sm56spn.dll
2009-06-04 00:28 . 2004-11-09 05:42 49152 ----a-r- c:\windows\sm56jpn.dll
2009-06-04 00:28 . 2004-11-01 11:12 65536 ----a-r- c:\windows\sm56itl.dll
2009-06-04 00:28 . 2004-11-01 11:12 65536 ----a-r- c:\windows\sm56ger.dll
2009-06-04 00:28 . 2004-11-01 11:12 65536 ----a-r- c:\windows\sm56fra.dll
2009-06-04 00:28 . 2004-11-09 05:42 65536 ----a-r- c:\windows\sm56eng.dll
2009-06-04 00:28 . 2004-11-09 05:42 45056 ----a-r- c:\windows\sm56cht.dll
2009-06-04 00:28 . 2004-11-10 02:16 45056 ----a-r- c:\windows\sm56chs.dll
2009-06-04 00:28 . 2004-11-01 11:12 65536 ----a-r- c:\windows\sm56brz.dll
2009-06-04 00:28 . 2004-12-28 07:01 544768 ----a-r- c:\windows\sm56hlpr.exe
2009-06-04 00:27 . 2004-08-03 20:08 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-06-04 00:27 . 2004-08-03 20:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-06-04 00:27 . 2009-06-04 00:27 294912 ----a-w- c:\windows\HideWin.exe
2009-06-04 00:27 . 2005-05-03 10:43 69632 ----a-w- c:\windows\ALCMTR.EXE
2009-06-04 00:12 . 2009-06-04 00:12 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Local Settings\Application Data\Identities
2009-06-03 18:07 . 2009-06-05 00:36 2344967 ----a-w- c:\documents and settings\اسلوبي مجننهم\Application Data\IDM\DwnlData\اسلوبي مجننهم\gsitecrawler-123-full_69\gsitecrawler-123-full.exe
2009-06-02 20:26 . 2009-06-02 20:26 -------- d-----w- c:\program files\AvRack
2009-06-02 20:26 . 2004-01-04 19:38 1032 ------w- c:\windows\system32\drivers\alcxinit.dat
2009-06-02 20:26 . 2003-12-19 02:07 541548 ------w- c:\windows\system32\drivers\alcxwdm.sys
2009-06-02 20:26 . 2003-12-18 21:04 5273088 ------w- c:\windows\system32\RTLCPL.exe
2009-06-02 20:26 . 2003-12-11 05:54 391424 ------w- c:\windows\system32\drivers\alcxsens.sys
2009-06-02 20:26 . 2003-11-20 22:58 208896 ------w- c:\windows\alcupd.exe
2009-06-02 20:26 . 2003-11-20 22:56 139264 ------w- c:\windows\alcrmv.exe
2009-06-01 20:44 . 2009-06-01 20:50 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Local Settings\Application Data\Adobe
2009-06-01 20:28 . 2009-06-01 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-06-01 20:27 . 2009-06-01 20:27 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-06-01 20:24 . 2009-06-01 20:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-01 19:20 . 2009-06-01 19:23 -------- d-----w- c:\windows\system32\Adobe
2009-06-01 18:05 . 2009-06-01 18:05 -------- d-----w- c:\program files\GTA San Andreas
2009-06-01 17:53 . 2004-08-03 19:58 5376 -c--a-w- c:\windows\system32\dllcache\mspclock.sys
2009-06-01 17:53 . 2004-08-03 19:58 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2009-06-01 17:53 . 2004-08-03 21:55 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-01 17:53 . 2004-08-03 21:55 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-01 17:53 . 2004-08-03 21:55 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-06-01 17:53 . 2004-08-03 21:55 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-06-01 10:42 . 2005-01-04 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-06-01 10:42 . 2009-06-01 10:42 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-06-01 10:24 . 2008-10-16 11:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-01 10:24 . 2008-10-16 11:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-31 19:19 . 2009-05-31 19:19 -------- d-----w- c:\program files\Game Power 7
2009-05-31 18:49 . 2009-06-07 16:17 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Tracing
2009-05-31 18:46 . 2009-05-31 18:46 -------- d-----w- c:\program files\Microsoft
2009-05-31 18:46 . 2009-05-31 18:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-31 18:44 . 2009-05-31 18:44 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-31 13:47 . 2009-05-31 13:47 -------- d-----w- c:\windows\system32\LogFiles
2009-05-31 12:00 . 2009-05-31 13:50 -------- d-----w- c:\program files\Common Files\Webroot Shared
2009-05-31 11:58 . 2009-05-31 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-31 11:08 . 2009-05-31 18:46 -------- d-----w- c:\program files\Windows Live
2009-05-31 11:07 . 2009-05-31 12:00 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-30 20:14 . 2009-05-30 20:14 12800 ----a-w- c:\documents and settings\اسلوبي مجننهم\Application Data\Thinstall\WinTools.net 9.3.0 Professional\4000001dc00002i\WinToolsPro.exe
2009-05-30 20:13 . 2009-05-30 20:13 12800 ----a-w- c:\documents and settings\اسلوبي مجننهم\Application Data\Thinstall\WinTools.net 9.3.0 Professional\4000001400002i\language.exe
2009-05-30 20:13 . 2009-05-30 20:13 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Application Data\Thinstall
2009-05-30 18:46 . 2009-06-05 18:08 -------- d--h--w- c:\documents and settings\Default User
2009-05-30 18:46 . 2009-05-30 15:58 -------- d-----w- c:\documents and settings\All Users
2009-05-30 17:50 . 2009-05-30 17:50 112144 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\X86\kl1.sys
2009-05-30 17:50 . 2009-05-30 17:50 682512 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\updater.dll
2009-05-30 17:48 . 2009-05-30 17:48 194320 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\klif.sys
2009-05-30 17:48 . 2009-05-30 17:48 150032 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\diffs.dll
2009-05-30 17:48 . 2009-05-30 17:48 342544 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\ckahum.dll
2009-05-30 17:39 . 2009-05-31 18:46 -------- d-----w- c:\program files\MSN Messenger
2009-05-30 17:23 . 2008-10-16 11:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-05-30 17:17 . 2009-06-07 18:43 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Application Data\DMCache
2009-05-30 17:17 . 2009-06-07 12:24 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Application Data\IDM
2009-05-30 17:16 . 2009-06-05 00:23 -------- d-----w- c:\program files\Internet Download Manager
2009-05-30 17:04 . 2009-05-30 17:04 -------- d-----w- c:\program files\VS Revo Group
2009-05-30 16:41 . 2009-05-30 17:43 -------- d-----w- c:\documents and settings\اسلوبي مجننهم\Contacts
2009-05-30 16:36 . 2009-05-30 16:36 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-30 16:35 . 2009-05-30 16:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-30 16:35 . 2009-05-30 16:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-30 16:35 . 2009-05-30 16:35 -------- d-----w- c:\program files\Common Files\Real
2009-05-30 16:35 . 2009-05-30 16:35 -------- d-----w- c:\program files\Real
2009-05-30 16:34 . 2009-05-30 16:35 -------- d-----w- c:\program files\Hotspot Shield
2009-05-30 16:34 . 2002-02-18 07:23 46352 ----a-w- c:\windows\setdebug.exe
2009-05-30 16:34 . 2002-02-18 07:22 171280 ----a-w- c:\windows\system32\jit.dll
2009-05-30 16:34 . 2002-02-18 07:22 139536 ----a-w- c:\windows\system32\javaee.dll
2009-05-30 16:34 . 2002-02-18 04:35 6550 ----a-w- c:\windows\jautoexp.dat
2009-05-30 16:34 . 2002-02-18 04:34 313856 ----a-w- c:\windows\system32\dx3j.dll
2009-05-30 16:30 . 2009-05-30 16:30 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-30 16:29 . 2004-08-03 20:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-05-30 16:22 . 2005-01-23 02:36 159744 ----a-r- c:\windows\system32\igfxres.dll
2009-05-30 16:19 . 2009-05-30 17:50 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-30 16:19 . 2009-05-30 17:50 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-30 16:18 . 2009-06-07 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-05-30 16:18 . 2009-05-30 16:18 -------- d-----w- c:\program files\Kaspersky Lab
2009-05-30 16:18 . 2009-06-07 18:54 4850976 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-05-30 16:18 . 2009-06-07 18:33 209696 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-05-30 16:17 . 2001-09-18 10:38 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 18:47 . 2004-08-04 12:00 45050 ----a-w- c:\windows\system32\perfc001.dat
2009-06-07 18:47 . 2004-08-04 12:00 265208 ----a-w- c:\windows\system32\perfh001.dat
2009-06-07 13:40 . 2009-05-30 16:18 66944 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-07 13:40 . 2009-05-30 16:18 20984 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-05 01:06 . 2009-06-05 01:06 32768 ----atw- C:\PR8.tmp
2009-06-04 10:29 . 2009-06-07 18:27 2181688 ----a-w- c:\documents and settings\اسلوبي مجننهم\Application Data\IDM\DwnlData\اسلوبي مجننهم\SmitfraudFix\SmitfraudFix.cmd
2009-06-04 10:24 . 2009-05-30 15:58 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-02 21:51 . 2009-05-30 16:05 47624 ----a-w- c:\documents and settings\اسلوبي مجننهم\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 08:17 . 2009-06-07 18:27 75776 ----a-w- c:\documents and settings\اسلوبي مجننهم\Application Data\IDM\DwnlData\اسلوبي مجننهم\SmitfraudFix\WS2Fix.exe
2009-05-31 12:56 . 2009-05-30 16:33 -------- d-----w- c:\program files\The KMPlayer
2009-05-30 17:50 . 2007-04-28 13:51 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-05-30 16:34 . 2009-05-30 16:34 2232 ----a-w- c:\windows\java\Packages\Data\OMYCWLR3.DAT
2009-05-30 16:34 . 2009-05-30 16:34 155995 ----a-w- c:\windows\java\Packages\DZ571RP7.ZIP
2009-05-30 16:34 . 2009-05-30 16:34 2678 ----a-w- c:\windows\java\Packages\Data\JX7HB93F.DAT
2009-05-30 16:34 . 2009-05-30 16:34 2678 ----a-w- c:\windows\java\Packages\Data\VLF9BFHN.DAT
2009-05-30 16:34 . 2009-05-30 16:34 2678 ----a-w- c:\windows\java\Packages\Data\PBPVJFF7.DAT
2009-05-30 16:34 . 2009-05-30 16:34 2678 ----a-w- c:\windows\java\Packages\Data\1NLNF7LV.DAT
2009-05-30 16:34 . 2009-05-30 16:34 2678 ----a-w- c:\windows\java\Packages\Data\UMFXJN5F.DAT
2009-05-30 16:09 . 2009-05-30 16:09 -------- d-----w- c:\program files\Intel
2009-05-30 16:00 . 2009-05-30 16:00 -------- d-----w- c:\program files\microsoft frontpage
2009-05-30 15:55 . 2009-05-30 15:55 22144 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-04 20:52 . 2009-06-07 18:27 180224 ----a-w- c:\documents and settings\اسلوبي مجننهم\Application Data\IDM\DwnlData\اسلوبي مجننهم\SmitfraudFix\ProxyDisable.exe
2009-03-28 08:27 . 2009-03-28 08:27 1547776 ----a-w- c:\windows\system32\sfcfiles.dll
2009-03-28 08:27 . 2009-03-28 08:27 982528 ----a-w- c:\windows\system32\syssetup.dll
2009-03-26 15:35 . 2009-05-27 10:22 210352 ----a-w- c:\windows\system32\idmmbc.dll
2004-08-04 12:00 . 2004-08-04 12:00 114688 --sha-r- c:\windows\system32\wscript.exe
2005-09-03 14:23 . 2005-09-03 14:23 18948 --sh--r- c:\windows\system32\abomehil\logs.dat
2006-05-03 20:27 . 2006-05-03 20:27 1 --sha-r- c:\windows\system32\abomehil\plugin.dat
.
------- Sigcheck -------
[-] 2009-03-28 08:27 1547776 6E932D21E116B51ED9D5157E31C48E33 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"setup"="c:\setup\setup.exe" [2004-08-04 388608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"KTPWare"="c:\program files\Elantech\Ktp.exe" [2005-04-04 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-30 198160]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2001-12-26 472576]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2004-12-28 544768]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-07-13 14679552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\ں«éي ï ê¤ëëىê\çں‍ê، ں §ڑ\ںé ©ںê¤\ §ک ںé¢¬نïé\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2009-6-5 1172992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\00hoeav.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\0w.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6fnlpetp.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\6x8be16.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2cmd.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2free.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2upd.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\abk.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Adobe Gamma Loader.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algsrvs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\algssl.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Angry.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antihost.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu-0607g.xml]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apu.stt]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashLogV.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashMaiSv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashPopWz.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashQuick.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashSkPcc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashWebSv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswBoot.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswRegSvr.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.bin]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Autorun.ini]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.reg]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.txt]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorun.wsh]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autorunsc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvastSS.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avciman.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgamsvr.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgcc32.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgemc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrsx.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgscan.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgserv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgupsvc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avltd.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avmailc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avzkrnl.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad1.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad2.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bad3.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdsubwiz.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BDSurvey.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BIOSREAD.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caiss.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caissdt.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\catcache.dat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cauninst.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavApp.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavasm.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavAUD.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCmd.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVCtx.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavEmSrv.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavmr.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavMUD.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavoar.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavQ.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRep.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVRid.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSCons.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cavse.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSn.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavSub.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CAVSubmit.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUMAS.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CavUserUpd.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cavvl.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CEmRep.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahcomm.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahrule.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ckahum.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clldr.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMain.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\copy.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\curidsbase.kdz]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\destrukto.vbs]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DF5Serv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\diffs.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drvins32.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb32w.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drweb386.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwebwcl.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwreg.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\regedit.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\e9ehn1m8.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\edb.chk]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EMDISK.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f0.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileKan.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\flashy.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FProtTray.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fptrayproc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE ]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FrzState2k.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fs6519.dll.vbs]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssf.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fssync.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fun.xls.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\g2pfnid.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GetSI.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxkickoff_x64.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\h3.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\hookinst.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\host.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\i.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Identity.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iefqwp.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEShow.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ij.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstallCAVS.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\InstLsp.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafe.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iSafInst.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav.bav]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavbase.kdl]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ker.vbs]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KeyMgr.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killVBS.vbs]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kl1.sys]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klavemu.kdl]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.cat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klbg.sys]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.cat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klif.sys]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\klim5.sys]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licmgr.ex]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\licreg.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lky.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\m2nl.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcappins.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcaupdate.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcinfo.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcmnhdlr.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcregwiz.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcupdui.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsftsn.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcvsmap.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msdos.pif]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msfir80.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MSGrc32.vbs]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msime80.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msizap.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msmsgs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcm80.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcp80.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr71.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msvcr80.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mzvkbd3.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\naiavfin.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netcfg.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\new folder.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\njibyekk.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\olb1iimw.bat]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OnAccessInstaller.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagent.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pagentwd.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavFnSvr.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavprsrv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PavReport.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsAuxs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsSvc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pctsTray.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prloader.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PSHost.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskmssvc.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QtnMaint.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rcukd.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\reload.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue32.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescuecd.zip]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rose.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sal.xls.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHOST.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvhosts.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVHSOT.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHOST.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scvvhosts.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCVVHSOT.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SendLogs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\session.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SocksA.ex]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOCFG.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOLITE.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSCAN.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SOLOSENT.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\spidercpl.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ssvichosst.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sxs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\system.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\temp2.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\toy.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TPSrv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\uiscan.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\unp_test.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\update.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\updater.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UPSDbMaker.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\userdump.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UUpd.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\v.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Act.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ECM.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32ifs.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32PP3.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32Qtn.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcons.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbglobal.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbimport.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbinst.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbscan.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbsystry.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VetMsg.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\virusutilities.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VisthAux.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBPROXY.EXE]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\whi.com]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WinGrc32.dll]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wsctool.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\yannh.cmd]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ybj8df.exe]
"Debugger"=c:\windows\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\اسلوبي مجننهم\\سطح المكتب\\Spy-Net [RAT] v1.4_2 kabo\\Spy-Net [RAT] v1.4\\spynet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Poison Ivy\\Poison Ivy 2.3.2.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"81:TCP"= 81:TCP:Bifrost Arabic 1.2.1
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04/04/2007 02:58 م 24344]
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [30/05/2009 07:15 م 25984]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [30/05/2009 07:33 م 332928]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A54210CE-496C-8BC6-82F5-FB58D75BA277}]
c:\documents and settings\اسلوبي مجننهم\Application Data\Bifrost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AAAAAAAA-IWE2-R26D-0I80-XP2V372A0343}]
c:\windows\system32\abomehil\abomehil.exe Restart
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C1D3B752-4641-1A19-B9FB-7841B39D410F}]
c:\windows\system32\messenger.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-abomehil - c:\windows\system32\abomehil\abomehil.exe
HKLM-Run-.: H A C K E R :. - c:\documents and settings\اسلوبي مجننهم\Application Data\Bifrost.exe
HKLM-Run-abomehil - c:\windows\system32\abomehil\abomehil.exe
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

DPF: {3C8E8DD8-D86A-4E6D-AF37-AB3CA7FDF8CD} - hxxp://75.126.208.166/imscp/talkc38.cab
FF - ProfilePath - c:\documents and settings\اسلوبي مجننهم\Application Data\Mozilla\Firefox\Profiles\yvbslcx4.default\
FF - component: c:\documents and settings\اسلوبي مجننهم\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-06-07 21:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
.: H A C K E R :. = c:\documents and settings\?????? ??????\Application Data\Bifrost.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2000478354-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0BE792C9-EDB7-7A04-D9F4-AC7C0A34EA9C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naifpdndgmkdfcnbodaladofblml"=hex:69,61,6a,6b,66,6c,6b,65,69,6f,65,6d,64,6a,
62,6d,6d,69,00,00
"maofbnicchifealklfgbefnkgd"=hex:69,61,6a,6b,66,6c,6b,65,69,6f,65,6d,64,6a,62,
6d,6d,69,00,00
[HKEY_USERS\S-1-5-21-2000478354-527237240-839522115-1003\Software\^—لQV*P*N*\Vpn123\Main]
"Tip_HideAfterConnection"=dword:00000001
"SavePassword"=dword:00000001
"Username"="ar678"
"Password"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,
00,00,00,88,2b,e5,79,c0,0c,10,48,90,96,02,eb,75,d7,eb,e6,10,00,00,00,0e,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c4,32,ba,3c,1f,1c,ee,cc,bd,25,bc,aa,dc,85,19,3f,f7,4f,d7,6e,76,
31,ce,dc,f1,30,4d,3d,e1,b8,bc,6c,65,a1,8f,5b,6b,7f,fa,dc,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{68774afc-dfc4-408a-ba66-c8b0360f6b06}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009d
"Therad"=dword:00000009
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1636)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'lsass.exe'(1692)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
Completion time: 2009-06-07 21:57
ComboFix-quarantined-files.txt 2009-06-07 18:57
Pre-Run: 22,006,038,528 bytes free
Post-Run: 21,983,117,312 bytes free
784
البرنامج الثاني هذا التقررير ..,
SmitFraudFix v2.419
Scan done at 21:44:47.57, Sun 06/07/2009
Run from C:\Documents and Settings\اسلوبي مجننهم\My Documents\Downloads\Programs\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

تأييد 0

ا

الـذيـب

زيزوومي جديد

غير متصل

7 يونيو 2009

#6

فيه مشكله ثاني ..,
عند اشغل الجهاز تطلع لي هذا ..,

تأييد 0

MAAX

عضوشرف

غير متصل

7 يونيو 2009

#7

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ثبته على الجهاز ،، ثم شغله واعمل كما الشرح التالي لفحص الجهاز وعمل تقرير

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وبعد انتهاء الفحص اعمل التالي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

انسخ ما بداخل التقرير والصقه بمشاركتك القادمة

تأييد 0

ا

الـذيـب

زيزوومي جديد

غير متصل

8 يونيو 2009

#8

Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 2
08/06/2009 01:37:38 م
mbam-log-2009-06-08 (13-37-38).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 71925
Time elapsed: 25 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2FREE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPROTTRAY.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVFNSVR.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSRV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBPROXY.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

تأييد 0

MAAX

عضوشرف

غير متصل

8 يونيو 2009

#9

اعمل تقرير هايجاك جدي

تأييد 0

ا

الـذيـب

زيزوومي جديد

غير متصل

8 يونيو 2009

#10

Malwarebytes' Anti-Malware 1.29
Database version: 1276
Windows 5.1.2600 Service Pack 2
08/06/2009 09:35:53 م
mbam-log-2009-06-08 (21-35-53).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 72392
Time elapsed: 19 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

تأييد 0

MAAX

عضوشرف

غير متصل

9 يونيو 2009

#11

MAAX قال:
الله يحييك اخوي

حمل هذا البرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

شغل البرنامج ==> واضغط على
Do a system scan and save log

لحظات .. ويظهر لك تقرير داخل المفكرة==> انسخه والصقه بردك القادم

هذا الهايجاك
:d:

التعديل الأخير بواسطة المشرف: 12 مايو 2014

تأييد 0

يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.

شارك:

فيسبوك X Bluesky LinkedIn Reddit Pinterest Tumblr WhatsApp البريد الإلكتروني الرابط

๑♥๑ مبـــــــ بـمناسبة مرور ثمانية عشر عام على تأسيس زيـــــــــزووم ــــــــرووك ๑♥๑

أعلى