maawya

Peace be upon you. For the past two days I have had a problem: when I click on Control Panel, I get a message saying there is a problem with Windows Explorer!! I scanned the machine with all the scanning tools available here, and the problem still persists!!

My machine runs Windows Vista and I use Avira 9.

I hope the specialists can help; God does not let the reward of those who do good go to waste.
 

Signature: maawya
Waiting for your replies
 

Signature: maawya
Signature: زمان الصمت




I used this tool and it did its job successfully... but the problem still persists :no:


I have Windows Vista Home Premium,
service 1.

The Windows is genuine, from the manufacturer.
 
Signature: maawya
Download this file




Run it and accept all the prompts,
then restart the computer and tell us the results.
 
Unfortunately, the same problem :?: a message that Windows Explorer has stopped and is being restarted (Windows Explorer).
 
Signature: maawya
Forgive me, brother,
I don't know anything more about this problem.
I wish you success.
 
Signature: Corporation



Thank you so much, dear Nour.

Do the following, brother:

Disable all security programs.


Download this tool



When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

During the scan, the computer may restart.
After the restart, the tool will start scanning again.
Wait until a report appears; that means the scan has finished. Paste the report in your next post.



 
Signature: KoNaMi
ComboFix 09-04-19.01 - magrabe 2009/04/18 19:22.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3069.1651 [GMT 2:00]
Running from: c:\users\magrabe\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pthreadGC2.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.

2009-04-17 17:19 . 2009-04-17 17:19 114400 ----a-w c:\users\Gjest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 12:01 . 2007-12-26 15:30 1970176 ----a-w c:\windows\system32\d3dx9.dll
2009-04-17 12:01 . 2009-04-17 20:01 -------- d-----w c:\program files\Cheat Engine
2009-04-17 12:01 . 2007-12-26 15:30 679936 ----a-w c:\windows\system32\D3DX81ab.dll
2009-04-16 21:10 . 2009-04-16 21:10 -------- d-----w C:\Delete_Temp
2009-04-16 20:57 . 2009-04-16 20:57 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-04-16 12:02 . 2009-04-16 12:02 -------- d-----w c:\program files\NCH Swift Sound
2009-04-16 12:02 . 2009-04-16 12:02 -------- d-----w c:\users\magrabe\AppData\Roaming\NCH Swift Sound
2009-04-16 11:38 . 2009-04-16 12:04 -------- d-----w c:\users\All Users\NCH Software
2009-04-16 11:38 . 2009-04-16 12:04 -------- d-----w c:\programdata\NCH Software
2009-04-16 11:38 . 2009-04-16 12:04 -------- d-----w c:\users\magrabe\AppData\Roaming\NCH Software
2009-04-16 11:37 . 2009-04-16 12:03 -------- d-----w c:\program files\NCH Software
2009-04-16 09:26 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-16 09:26 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-16 09:26 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 11:01 . 2009-04-15 11:03 -------- d-----w c:\users\magrabe\AppData\Local\RegCure
2009-04-15 09:45 . 2009-04-15 09:45 -------- d-----w c:\program files\Common Files\On2 Technologies
2009-04-15 09:45 . 2009-04-15 09:45 -------- d-----w c:\program files\On2 Technologies
2009-04-15 09:30 . 2009-04-15 09:44 -------- d-----w c:\program files\sample
2009-04-14 22:15 . 2009-04-14 22:17 -------- d-----w c:\users\magrabe\AppData\Local\Mayoko
2009-04-14 22:14 . 2009-04-14 22:14 -------- d-----w c:\program files\Mayoko
2009-04-11 08:50 . 2009-04-15 09:24 -------- d-----w c:\program files\SHOUTcast
2009-04-11 08:41 . 2009-04-11 08:41 -------- d-----w c:\program files\SpacialAudio
2009-04-11 08:41 . 2004-12-12 23:05 356437 ----a-w c:\windows\system32\GDS32.DLL
2009-04-11 08:41 . 2009-04-11 08:41 -------- d-----w c:\program files\Firebird
2009-04-10 17:01 . 2009-04-10 17:01 -------- d-----w c:\program files\Common Files\Intel
2009-04-10 14:35 . 2008-06-12 17:37 6144 ----a-w c:\windows\system32\ff_acm.acm
2009-04-10 14:35 . 2008-06-12 17:36 7680 ----a-w c:\windows\system32\ff_vfw.dll
2009-04-10 14:35 . 2007-07-10 15:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest
2009-04-10 14:35 . 2009-04-10 14:35 -------- d-----w c:\program files\ffdshow
2009-04-09 13:00 . 2009-04-09 13:00 -------- d-----w c:\program files\Adobe Media Player
2009-04-09 12:48 . 2009-04-09 12:48 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-09 12:06 . 2009-04-09 13:22 -------- d-----w c:\users\magrabe\AppData\Roaming\Download Manager
2009-04-06 19:34 . 2009-04-06 19:34 194256 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-06 19:31 . 2009-04-06 19:31 -------- d-----w c:\program files\Safari
2009-04-03 07:49 . 2009-04-03 07:49 -------- d-----w c:\program files\Windows Media Components
2009-04-03 06:58 . 2009-04-03 07:04 -------- d-----w c:\program files\SopCast
2009-04-02 16:28 . 2009-04-02 16:28 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-01 18:20 . 2009-04-01 18:20 -------- d-----w c:\users\magrabe\AppData\Roaming\HiYo
2009-03-23 22:24 . 2007-10-22 19:29 270392 ----a-w c:\windows\system32\hcwpnp32_priv.dll
2009-03-23 22:24 . 2007-10-22 19:29 270392 ----a-w c:\windows\system32\hcwpnp32.dll
2009-03-23 22:24 . 2006-10-10 16:47 36921 ----a-w c:\windows\system32\hcwutl32_priv.dll
2009-03-23 22:23 . 2007-05-15 15:46 98360 ----a-w c:\windows\system32\hcwi2c32.dll
2009-03-23 22:23 . 2004-06-08 01:03 36921 ----a-w c:\windows\system32\hcwutl32.dll
2009-03-23 21:52 . 2009-03-23 21:53 -------- d-----w c:\users\magrabe\AppData\Roaming\CyberLink
2009-03-23 21:52 . 2009-03-24 21:49 -------- d-----w c:\users\magrabe\AppData\Local\PowerCinema
2009-03-23 21:52 . 2009-03-23 21:53 -------- d-----w c:\users\All Users\CyberLink
2009-03-23 21:52 . 2009-03-23 21:53 -------- d-----w c:\programdata\CyberLink
2009-03-23 21:52 . 2007-08-10 22:05 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-03-23 21:50 . 2009-03-23 21:50 -------- d-----w c:\program files\Cyberlink
2009-03-22 19:52 . 2009-04-16 20:58 -------- d-----w c:\program files\Live_TV
2009-03-21 10:39 . 2009-03-21 17:14 -------- d-----w c:\users\magrabe\{24e1af6d-16e8-470a-9856-09b1ba80a51b}
2009-03-21 08:52 . 2009-03-21 08:52 -------- d-----w c:\users\magrabe\AppData\Roaming\GeoVid
2009-03-21 08:50 . 2009-03-21 08:50 -------- d-----w c:\users\All Users\GeoVid
2009-03-21 08:50 . 2009-03-21 08:50 -------- d-----w c:\programdata\GeoVid
2009-03-21 08:50 . 2009-03-21 08:50 -------- d-----w c:\program files\Common Files\GeoVid
2009-03-21 08:50 . 2007-06-28 17:54 180224 ----a-w c:\windows\system32\xvidvfw.dll
2009-03-21 08:50 . 2007-06-28 17:52 765952 ----a-w c:\windows\system32\xvidcore.dll
2009-03-21 08:50 . 2005-06-07 14:11 60416 ----a-w c:\windows\system32\dsetup.dll
2009-03-21 08:50 . 2003-03-19 05:05 89088 ----a-w c:\windows\system32\atl71.dll
2009-03-21 08:50 . 2009-03-21 08:50 -------- d-----w c:\program files\GeoVid
2009-03-20 19:52 . 2009-03-20 19:53 -------- d-----w c:\users\magrabe\AppData\Local\Microsoft Games
2009-03-20 18:50 . 2009-03-20 18:50 3358720 ----a-w c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 10:36 . 2008-12-06 19:56 -------- d-----w c:\users\magrabe\AppData\Roaming\ComfortSoftware
2009-04-17 05:50 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 22:59 . 2008-04-23 06:35 -------- d-----w c:\programdata\Microsoft Help
2009-04-15 21:34 . 2008-09-21 11:22 -------- d-----w c:\users\magrabe\AppData\Roaming\uTorrent
2009-04-15 13:33 . 2008-09-21 11:52 -------- d-----w c:\users\magrabe\AppData\Roaming\Desktopicon
2009-04-15 09:45 . 2008-04-22 16:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 21:36 . 2008-09-19 14:30 114400 ----a-w c:\users\magrabe\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-13 13:19 . 2008-11-08 11:31 -------- d-----w c:\users\magrabe\AppData\Roaming\vlc
2009-04-13 13:19 . 2008-09-28 11:18 -------- d-----w c:\users\magrabe\AppData\Roaming\ImageBadger
2009-04-13 13:19 . 2009-03-17 09:36 -------- d-----w c:\program files\No1 Video Converter
2009-04-13 13:19 . 2008-10-03 08:45 -------- d-----w c:\programdata\pdf995
2009-04-13 13:19 . 2008-10-02 09:39 -------- d-----w c:\program files\FOX Video Converter
2009-04-13 13:19 . 2008-09-25 18:21 -------- d-----w c:\programdata\FLEXnet
2009-04-13 13:19 . 2008-09-21 09:29 -------- d-----w c:\program files\shup
2009-04-13 13:19 . 2008-04-22 17:12 -------- d-----w c:\program files\Common Files\Adobe
2009-04-12 16:04 . 2008-09-28 11:18 -------- d---a-w c:\programdata\TEMP
2009-04-10 21:35 . 2008-04-22 16:31 -------- d-----w c:\program files\Intel
2009-04-06 19:34 . 2008-09-25 14:23 -------- d-----w c:\users\magrabe\AppData\Roaming\Apple Computer
2009-04-06 19:30 . 2008-09-25 14:22 -------- d-----w c:\program files\Bonjour
2009-04-03 19:15 . 2008-11-15 18:47 -------- d-----w c:\users\magrabe\AppData\Roaming\LimeWire
2009-04-02 16:28 . 2008-04-22 16:30 -------- d-----w c:\program files\Java
2009-03-25 10:10 . 2009-02-20 22:10 -------- d-----w c:\program files\Save Flash
2009-03-23 22:24 . 2009-03-18 11:03 -------- d-----w c:\program files\WinTV
2009-03-23 21:45 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-03-23 21:45 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-03-23 21:45 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-20 07:14 . 2009-03-20 07:14 -------- d-----w c:\program files\Avira
2009-03-20 07:14 . 2008-09-23 22:29 -------- d-----w c:\programdata\Avira
2009-03-20 06:52 . 2009-03-20 07:14 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-03-18 11:12 . 2009-03-18 11:12 -------- d-----w c:\users\magrabe\AppData\Roaming\ArcSoft
2009-03-18 11:03 . 2009-03-18 11:03 -------- d-----w c:\programdata\ArcSoft
2009-03-18 11:03 . 2009-03-18 11:03 -------- d-----w c:\program files\Common Files\ArcSoft
2009-03-17 23:24 . 2009-03-17 23:24 -------- d-----w c:\users\magrabe\AppData\Roaming\Xilisoft Corporation
2009-03-17 23:23 . 2009-02-18 21:52 -------- d-----w c:\program files\Xilisoft
2009-03-17 03:38 . 2009-04-16 21:03 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-16 21:03 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 21:03 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-12 19:34 . 2009-03-12 19:34 -------- d-----w c:\program files\MaxlerMediaTranslate
2009-03-12 18:12 . 2009-03-12 18:12 -------- d-----w c:\program files\Jocsoft
2009-03-08 18:34 . 2009-03-08 18:34 -------- d-----w c:\users\magrabe\AppData\Roaming\Move Networks
2009-03-08 11:34 . 2009-03-22 19:08 914944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 . 2009-03-22 19:08 43008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 . 2009-03-22 19:08 18944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 . 2009-03-22 19:08 109056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 . 2009-03-22 19:08 109568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-22 19:08 132608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-22 19:08 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-22 19:08 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-22 19:08 103936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-22 19:08 420352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:32 . 2009-03-22 19:08 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 . 2009-03-22 19:08 71680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 . 2009-03-22 19:08 66560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 . 2009-03-22 19:08 169472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 . 2009-03-22 19:08 34816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:31 . 2009-03-22 19:08 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 . 2009-03-22 19:08 45568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:22 . 2009-03-22 19:08 156160 ----a-w c:\windows\System32\msls31.dll
2009-03-04 16:32 . 2009-03-04 16:32 -------- d-----w c:\program files\ANI
2009-03-04 16:32 . 2009-03-04 16:32 -------- d-----w c:\program files\D-Link
2009-03-04 16:31 . 2009-03-04 16:31 -------- d-----w c:\users\magrabe\AppData\Roaming\InstallShield
2009-03-03 04:46 . 2009-04-16 21:03 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 21:03 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 21:03 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 21:03 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 21:03 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 21:03 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 21:03 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-16 21:03 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 21:03 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 21:03 17408 ----a-w c:\windows\System32\iashost.exe
2009-02-27 12:30 . 2008-09-19 22:23 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 09:47 . 2009-02-18 22:24 -------- d-----w c:\users\magrabe\AppData\Roaming\dvdcss
2009-02-20 20:46 . 2009-02-20 20:46 673664 ----a-w c:\windows\system32\drivers\hcw66xxx.sys
2009-02-19 21:07 . 2008-10-05 10:36 -------- d-----w c:\program files\Windows Live
2009-02-18 20:47 . 2009-02-18 20:47 -------- d-----w c:\program files\ImTOO
2009-02-13 08:49 . 2009-04-16 21:03 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-16 21:03 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 07:23 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 18:59 . 2009-02-06 18:59 308104 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-30 19:00 . 2009-01-30 19:00 57344 ----a-w c:\windows\System32\ASTSRV.EXE
2008-10-04 11:05 . 2008-10-04 11:05 691 ----a-w c:\users\magrabe\AppData\Roaming\GetValue.vbs
2008-10-04 11:05 . 2008-10-04 11:05 35 ----a-w c:\users\magrabe\AppData\Roaming\SetValue.bat
2008-10-02 09:39 . 2008-10-02 09:39 81920 ----a-w c:\users\magrabe\AppData\Roaming\ezpinst.exe
2008-10-02 09:39 . 2008-10-02 09:39 47360 ----a-w c:\users\magrabe\AppData\Roaming\pcouffin.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-20 209153]

c:\users\Administrator.magrabe-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

c:\users\Gjest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=c:\windows\pss\AutoStart IR.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Firefox Preloader.lnk]
backup=c:\windows\pss\Firefox Preloader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 9.lnk]
backup=c:\windows\pss\SnagIt 9.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^magrabe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^magrabe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^shup.lnk]
backup=c:\windows\pss\shup.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^magrabe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]
backup=c:\windows\pss\TRDCReminder.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced DHTML Enable
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nl2plwrk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Explorer

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-241554794-1449342610-4057399551-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1BEC5D9C-8EC5-454C-ACED-563F563300B9}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{764FFB0C-FBA9-4E83-8A33-4081E0BD537F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{00113BE3-D8F5-4C1B-924F-8C4D13AECAD4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B174FE24-0DE9-4C91-9114-9643706F4EA4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{04DDF5B2-848E-4DC1-A0DA-73FA93BD1563}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{FA840506-69C7-4D2D-A333-92376486CD5C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{592D23FD-2303-42EC-A5B3-7EA498504314}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E00B3B19-6175-43C5-ABDD-DE94AA21811A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{28630344-3E69-41F6-9FED-BB3BDD17E087}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{FCAC5228-7BF6-49B4-BB16-E753B9348747}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{3645681D-2E6F-49EE-99C6-5B652A56BEE7}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{51A6DCE0-38AE-4459-957F-0CCB0F6E44F2}c:\\users\\magrabe\\downloads\\59-windows_live_messenger_8.1_by_abo_3ankpoot\\59-windows_live_messenger_8.1_by_abo_3ankpoot\\59- windows live messenger 8.1\\windows_live_messenger_8.1.exe"= UDP:c:\users\magrabe\downloads\59-windows_live_messenger_8.1_by_abo_3ankpoot\59-windows_live_messenger_8.1_by_abo_3ankpoot\59- windows live messenger 8.1\windows_live_messenger_8.1.exe:windows_live_messenger_8.1.exe
"UDP Query User{23595CA8-A85D-4258-B0A8-1A2E8F366657}c:\\users\\magrabe\\downloads\\59-windows_live_messenger_8.1_by_abo_3ankpoot\\59-windows_live_messenger_8.1_by_abo_3ankpoot\\59- windows live messenger 8.1\\windows_live_messenger_8.1.exe"= TCP:c:\users\magrabe\downloads\59-windows_live_messenger_8.1_by_abo_3ankpoot\59-windows_live_messenger_8.1_by_abo_3ankpoot\59- windows live messenger 8.1\windows_live_messenger_8.1.exe:windows_live_messenger_8.1.exe
"{B625E3FF-1809-4F2A-B2CF-87FA21B2005C}"= UDP:c:\program files\SMSlisto.com\SMSlisto\SMSlisto.exe:SMSlisto
"{24A83887-57E0-4643-969C-EAA089766932}"= TCP:c:\program files\SMSlisto.com\SMSlisto\SMSlisto.exe:SMSlisto
"{2D4B616D-BDFB-4114-977A-E70B3D36781B}"= UDP:c:\program files\SMSlisto.com\SMSlisto\SMSlisto.exe:SMSlisto
"{BA8FEDD1-EE6B-4E2C-B26E-A9655EE529B1}"= TCP:c:\program files\SMSlisto.com\SMSlisto\SMSlisto.exe:SMSlisto
"{695463FE-9E55-45A1-AC98-2F06DA5153B5}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{CA37799F-A845-4300-873F-A296338CB572}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{DAA83826-BA5A-4527-B9A4-DE04A3B31F82}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{405E9E93-0A8F-4CF2-B79A-D0CF206AE5C6}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{4A0C97E1-85AE-406B-A98E-7E7731A060D5}c:\\users\\magrabe\\desktop\\59-windows_live_messenger_8.1_by_abo_3ankpoot\\59- windows live messenger 8.1\\windows_live_messenger_8.1.exe"= UDP:c:\users\magrabe\desktop\59-windows_live_messenger_8.1_by_abo_3ankpoot\59- windows live messenger 8.1\windows_live_messenger_8.1.exe:windows_live_messenger_8.1.exe
"UDP Query User{591C535C-7A60-4E09-8940-D596D1D206AB}c:\\users\\magrabe\\desktop\\59-windows_live_messenger_8.1_by_abo_3ankpoot\\59- windows live messenger 8.1\\windows_live_messenger_8.1.exe"= TCP:c:\users\magrabe\desktop\59-windows_live_messenger_8.1_by_abo_3ankpoot\59- windows live messenger 8.1\windows_live_messenger_8.1.exe:windows_live_messenger_8.1.exe
"TCP Query User{DE032E2A-672E-4034-B5A3-A6EB8C0BA8DE}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{B2EFAAE2-347C-4A65-BEBA-902A95C24343}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{2AAF1462-E49C-4A41-8B07-5DE4F1FEE0F4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0894C6DA-7BB7-41C1-9C82-AE7F48A6A03F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FC5E4882-2D1D-40A9-BE42-3E5AF010F469}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6B2F3AEF-8521-4232-A01D-31897D256848}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{125B11D6-BAFF-4A75-8747-A155E1BCE7D9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C5DC6894-5CF1-4246-9593-27FFC998ECDA}"= UDP:c:\program files\JustVoip.com\JustVoip\JustVoip.exe:JustVoip
"{35C34E11-2585-4195-806B-8EE3C6AC8347}"= TCP:c:\program files\JustVoip.com\JustVoip\JustVoip.exe:JustVoip
"{E4B40FFF-66B5-4AF9-A54E-70B582BA6A83}"= UDP:c:\program files\JustVoip.com\JustVoip\JustVoip.exe:JustVoip
"{44971447-C6A3-491B-A061-D0FA3AC75C33}"= TCP:c:\program files\JustVoip.com\JustVoip\JustVoip.exe:JustVoip
"{99484AB3-5CF6-400F-9D0F-1D66B56FD746}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{37991B6C-0EA8-444F-9DCD-2CA42F379BC3}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{6FAF4AAB-6AD7-47D9-8265-1B24B30C4E1A}c:\\users\\magrabe\\desktop\\59-windows_live_messenger_8.1_by_abo_3ankpoot\\59- windows live messenger 8.1\\windows_live_messenger_8.1.exe"= UDP:c:\users\magrabe\desktop\59-windows_live_messenger_8.1_by_abo_3ankpoot\59- windows live messenger 8.1\windows_live_messenger_8.1.exe:windows_live_messenger_8.1.exe
"UDP Query User{6531C403-230C-4E41-89B2-766E12233259}c:\\users\\magrabe\\desktop\\59-windows_live_messenger_8.1_by_abo_3ankpoot\\59- windows live messenger 8.1\\windows_live_messenger_8.1.exe"= TCP:c:\users\magrabe\desktop\59-windows_live_messenger_8.1_by_abo_3ankpoot\59- windows live messenger 8.1\windows_live_messenger_8.1.exe:windows_live_messenger_8.1.exe
"{5649BCFC-08A8-42DC-B0BE-5FF0F8CDF9AD}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{77EF7787-EA63-4C39-8696-B782A38E25F1}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D66F954A-BDEB-49D2-8883-02FEB302CF5A}"= UDP:d:\downloads\Downloads\utorrent-1.8.1-beta-12320.upx.exe:µTorrent (TCP-In)
"{D63FECE6-FBDC-46E2-BAE9-FD02E23ABEA1}"= TCP:d:\downloads\Downloads\utorrent-1.8.1-beta-12320.upx.exe:µTorrent (UDP-In)
"TCP Query User{1B95739D-D37F-4B4D-988B-B8364D75226A}c:\\users\\magrabe\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\magrabe\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{164D4345-51DF-402C-BA91-B09D71B354E5}c:\\users\\magrabe\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\magrabe\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{4AFEE568-D20A-4261-B96C-34C506929AF0}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{B3B44D3E-71F2-41B2-887A-14C4D4096290}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3B2FF8FD-55B9-4FD6-ADD4-19CF1B29A9B3}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{DC9AD968-862F-42EF-B7CF-12A65A0A416F}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"{196A1AC2-B414-40DF-A082-F07411563923}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B475555F-6C84-4232-B228-3773EEE5B131}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{66A86DF1-F242-4B1A-95BB-087555721F0F}c:\\appserv\\apache2.2\\bin\\httpd.exe"= UDP:c:\appserv\apache2.2\bin\httpd.exe:Apache HTTP Server
"UDP Query User{407C2AEA-6E51-4E33-9E33-5AB14749B554}c:\\appserv\\apache2.2\\bin\\httpd.exe"= TCP:c:\appserv\apache2.2\bin\httpd.exe:Apache HTTP Server
"{2A0235F2-8C91-495C-8D6A-C7E289D4257E}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{C6874BD7-BDE6-43DB-8E1C-521BF1A40090}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2E64B1AB-F414-41E8-92C1-244054D3C7E7}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{4AAF6128-4C43-4A8B-B2FF-F01AD451857A}c:\\program files\\windows media components\\encoder\\wmenc.exe"= UDP:c:\program files\windows media components\encoder\wmenc.exe:Windows Media Encoder
"UDP Query User{B9DEC4AD-7177-400F-B582-AB526F837EA8}c:\\program files\\windows media components\\encoder\\wmenc.exe"= TCP:c:\program files\windows media components\encoder\wmenc.exe:Windows Media Encoder
"{B0F044FD-5F94-4BEF-94DA-8C8D9592B199}"= c:\program files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
"{D0932674-128B-40A9-8A65-FD4FB4BB87DD}"= c:\program files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
"{E17C3866-76DF-4D0B-A9E7-66DBA025CDCD}"= c:\program files\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{DF5EFB29-6210-4C7F-8C09-6339EEB33790}"= c:\program files\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{9F755216-98AA-49E2-8EBB-F3CCC3EF214B}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{1898CB95-73FD-4026-809B-6A1E7EF599F4}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{5CE94240-F654-45A9-AF0D-7D44221C1DC5}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{77DD6193-8CFA-48B9-A572-4BE4B45D8560}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{44BE4404-CD65-42F0-8548-F138AA64B0E7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7AF79C5D-7ED4-44F2-A31A-83EFC6369635}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{79281456-AAC3-4A56-8743-7BBBE88D7196}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{B1AFDAE1-D789-4309-9B32-BD51FDF88AC0}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{66B006EB-79EE-4074-B4DB-4C6D3E014FE2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{160C6F58-D5F9-4ED3-B91F-2527453BF507}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{BEFFB8FE-A4D9-459E-8EF9-05362E93AB34}c:\\program files\\safari\\safari.exe"= UDP:c:\program files\safari\safari.exe:Safari Web Browser
"UDP Query User{599100C5-92CD-40D8-90FD-4B4AEF5B5407}c:\\program files\\safari\\safari.exe"= TCP:c:\program files\safari\safari.exe:Safari Web Browser
"TCP Query User{0E7C4C57-E91E-4914-A164-517C60840890}c:\\program files\\adobe\\flash media server 3.5\\apache2.2\\bin\\httpd.exe"= UDP:c:\program files\adobe\flash media server 3.5\apache2.2\bin\httpd.exe:Apache HTTP Server
"UDP Query User{7DC7BAB8-BE29-4636-B0FE-16A4DB52F9EF}c:\\program files\\adobe\\flash media server 3.5\\apache2.2\\bin\\httpd.exe"= TCP:c:\program files\adobe\flash media server 3.5\apache2.2\bin\httpd.exe:Apache HTTP Server
"{95B670C7-AC4D-40BE-B643-EF6C889932F5}"= UDP:5353:Adobe CSI CS4
"{89C9D33D-3E1E-442C-B7CD-FBDFCE1E0DEE}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{7139D926-7992-47A9-891C-ABDF4F9D0538}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{90FB5C1E-F925-4105-80AC-13B9BADA4C70}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= UDP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"UDP Query User{CB5C56AA-7A0C-481A-A24C-E6B2BC4CDA88}c:\\program files\\spacialaudio\\sambc\\sambc.exe"= TCP:c:\program files\spacialaudio\sambc\sambc.exe:SAMBC
"TCP Query User{56F06341-C3C0-4F63-BA9F-F266DA287DBC}c:\\program files\\shoutcast\\sc_serv.exe"= UDP:c:\program files\shoutcast\sc_serv.exe:sc_serv
"UDP Query User{9AF52867-FF89-441F-991E-7205559231E3}c:\\program files\\shoutcast\\sc_serv.exe"= TCP:c:\program files\shoutcast\sc_serv.exe:sc_serv
"{1F896CF3-D4BE-41A2-9D0F-CEABAD34E777}"= UDP:86:BroadCam Web Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"= c:\program files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client

R2 PRLDHCP;Parallels DHCP Service for Virtual NIC;c:\program files\Parallels\Parallels Workstation\PRLDHCP.exe [2008-01-16 32768]
R3 hcw17bda;Hauppauge SMS1000-based; [x]
R3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66xxx.sys [2009-02-20 673664]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys [2007-03-13 476416]
R4 BroadCamService;BroadCam Service;c:\program files\NCH Software\BroadCam\broadCam.exe [2009-04-16 368644]
R4 mchInjDrv;mchInjDrv;c:\windows\system32\Drivers\mchInjDrv.sys [2008-10-04 2560]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-03-20 186625]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-20 108289]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-03-20 432897]
S2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe [2008-01-17 24635]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-12 65536]
S2 hypervisor;Parallels Hypervisor;c:\windows\system32\drivers\hypervisor.sys [2008-01-16 51712]
S2 pvs;Parallels Kernel Driver;c:\windows\system32\drivers\pvs.sys [2008-01-16 28800]
S2 pvsnet;Parallels Network Driver;c:\windows\system32\DRIVERS\pvsnet.sys [2008-01-16 12310]
S2 pvspth;Parallels Passthrough Driver;c:\windows\system32\drivers\pvspth.sys [2008-01-16 13344]
S2 pvsum;Parallels USB Manager;c:\windows\system32\drivers\pvsum.sys [2008-01-16 8320]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-12 1527893]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 PVSVNIC;Parallels Virtual NIC Driver;c:\windows\system32\DRIVERS\pvsvnic.sys [2008-01-16 4412]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c7909a4-aaee-11dd-a072-00037a88fbd1}]
\shell\AutoRun\command - H:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78cbc18a-2b98-11de-a156-00037a88fbd1}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-241554794-1449342610-4057399551-1000.job
- c:\users\magrabe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-10 21:31]

2008-12-20 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2008-11-23 12:25]

2009-03-23 c:\windows\Tasks\PCMService.exe_2252350491.job
- c:\program files\CyberLink\PowerCinema\PCMService.exe [2009-03-23 22:04]

2009-04-17 c:\windows\Tasks\User_Feed_Synchronization-{5B28D574-8C37-402E-9DC3-19778CA29267}.job
- c:\windows\system32\msfeedssync.exe [2009-03-22 11:31]

2009-04-19 c:\windows\Tasks\User_Feed_Synchronization-{8B7F91C1-D6BF-4B03-8E6D-756203EB11BA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-22 11:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.hiyo.com/
mStart Page = hxxp://www.google.co.uk
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} -


LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\magrabe\AppData\Roaming\Mozilla\Firefox\Profiles\zll34n47.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sudanhome.no/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\users\magrabe\AppData\Roaming\Mozilla\Firefox\Profiles\zll34n47.default\extensions\{6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB}\components\snagitmozextension.dll
FF - component: c:\users\magrabe\AppData\Roaming\Mozilla\Firefox\Profiles\zll34n47.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\users\magrabe\AppData\Roaming\Mozilla\Firefox\Profiles\zll34n47.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\magrabe\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\users\magrabe\AppData\Roaming\Mozilla\Firefox\Profiles\zll34n47.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,


Rootkit scan 2009-04-19 19:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0x00000405

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-04-19 19:27
ComboFix-quarantined-files.txt 2009-04-19 17:27

Pre-Run: 72 322 609 152 bytes free
Post-Run: 72 307 712 000 bytes free

411 --- E O F --- 2009-04-16 23:00
 
Signature: maawya


Thank you, dear brother. I did what was requested, but the Windows restore problem is still there!!!
 
Signature: maawya
Is formatting the only solution?
 
Signature: maawya