جهازي مصاب يوجد تقرير بالداخل

س

سهر الليل

زيزوومي جديد
إنضم
8 مايو 2009
المشاركات
13
مستوى التفاعل
0
النقاط
20
غير متصل
السلام عليكم

انا جهازي يحتوي ع ملفات تجسس واريد منكم المساعده

وهذا تقرير جهازي للمعلوميه جهازي فيستا




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:09 م, on 08/05/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerServer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\DELL\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Vista\Desktop\Zyzoom_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DellRemote] "C:\Dell\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WMPControllerService - Gyration, Inc. - C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerService.exe
--
End of file - 5720 bytes
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
وعليكم السلام

حيااك يا غالي

عطل جميع برامج الحمايه >>> تأكد من وقت وتاريخ الجهاز
>>> لاتغير اسم الاداة واحفظها على سطح المكتب
وحمل هذه الاداة واحفظها على سطح المكتب
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم

وبعدها هايجاك جديد لا هنت
 
توقيع : أعتز بك
تأييد 0
ComboFix 09-05-07.A01 - Vista 05/08/2009 22:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.966.1025.18.2045.1419 [GMT 3:00]
Running from: c:\users\Vista\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winsusrm.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.
2009-05-08 08:12 . 2009-05-08 08:12 -------- d-----w c:\program files\XoftSpy
2009-05-08 07:47 . 2009-05-08 07:50 -------- d-----w c:\users\Vista\AppData\Roaming\cleaner
2009-05-08 07:06 . 2009-05-08 07:06 -------- d-----w c:\users\Vista\AppData\Roaming\URSoft
2009-05-08 07:06 . 2009-05-08 07:20 -------- d---a-w c:\programdata\TEMP
2009-05-08 07:06 . 2009-05-08 07:20 -------- d---a-w c:\users\All Users\TEMP
2009-05-08 07:06 . 2009-05-08 07:11 -------- d-----w c:\program files\Your Uninstaller 2008
2009-05-08 04:16 . 2009-05-08 04:16 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-08 04:16 . 2009-05-08 04:16 -------- d-----w c:\program files\Common Files\Nokia
2009-05-08 03:00 . 2009-05-08 03:00 -------- d-sh--w c:\users\Vista\Phone Browser
2009-05-08 02:38 . 2009-05-08 02:43 -------- d-----w c:\programdata\PC Suite
2009-05-08 02:38 . 2009-05-08 02:43 -------- d-----w c:\users\All Users\PC Suite
2009-05-08 02:38 . 2009-05-08 02:43 -------- d-----w c:\users\Vista\AppData\Roaming\Nokia
2009-05-08 02:37 . 2009-05-08 02:38 -------- d-----w c:\users\Vista\AppData\Roaming\PC Suite
2009-05-08 02:37 . 2009-05-08 02:37 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-08 02:37 . 2006-10-10 05:54 50688 ----a-w c:\windows\system32\nmwcdcls.dll
2009-05-08 02:37 . 2009-05-08 04:16 -------- d-----w c:\program files\Nokia
2009-05-04 18:49 . 2009-05-04 18:49 -------- d-----w c:\programdata\WindowsSearch
2009-05-04 18:49 . 2009-05-04 18:49 -------- d-----w c:\users\All Users\WindowsSearch
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 18:44 . 2008-01-21 05:58 78084 ----a-w c:\windows\system32\perfc001.dat
2009-05-08 18:44 . 2008-01-21 05:58 438300 ----a-w c:\windows\system32\perfh001.dat
2009-05-08 18:39 . 2008-08-09 18:46 1356 ----a-w c:\users\Vista\AppData\Local\d3d9caps.dat
2009-05-08 18:31 . 2008-08-09 18:34 12 ----a-w c:\windows\bthservsdp.dat
2009-05-08 02:43 . 2009-05-08 02:43 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-05-08 02:43 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-05-08 02:43 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-08 02:41 . 2009-05-08 02:41 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-08 02:38 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-02 18:36 . 2009-03-28 08:57 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-03-28 09:59 . 2008-08-09 19:57 -------- d-----w c:\program files\Real_SC
2009-03-28 08:57 . 2009-03-28 08:57 -------- d-----w c:\program files\Avira
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2006-11-09 1634304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellRemote"="c:\dell\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe" [2006-12-08 126976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-09-18 29696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-09-29 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-10 185896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-10 113664]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E14DC84-C70C-43B0-BEB0-9F0549E2D969}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{28966EF0-4E28-4614-9CC1-1701E3556790}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CB6251CD-9AC1-402B-8C1A-927BDAD5E738}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{85F256F9-E191-4BC7-B0CB-250FEA9BD2E2}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7D467180-2A30-4A1D-B38F-4B8207D0B1B5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FE53A811-5E90-47CF-821C-EDD5E2BFB6D9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28/03/09 11:57 ص 108289]
R2 WMPControllerService;WMPControllerService;c:\dell\Utilities\Dell Premium Remote Control\WMPControllerService.exe [09/08/08 10:23 م 499712]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/08 05:23 ص 179712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36ecf465-6642-11dd-a8a8-001f3ad9b5a4}]
\shell\AutoRun\command - F:\ntde1ect.com
\shell\explore\Command - F:\ntde1ect.com
\shell\open\Command - F:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36ecf469-6642-11dd-a8a8-001f3ad9b5a4}]
\shell\AutoRun\command - G:\ntde1ect.com
\shell\explore\Command - G:\ntde1ect.com
\shell\open\Command - G:\ntde1ect.com
.
Contents of the 'Scheduled Tasks' folder
2009-05-08 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe [2005-07-06 18:53]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Device Detector - DevDetect.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-05-08 22:37
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\windows\TEMP\TMP0000006C51010FC6B9C084E4 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.3g2"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.amc"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (S-1-5-21-1672169500-1379965466-4172762066-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\ShowTime.exe"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bwf"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cdda"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cel"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dif"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.flc"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fli"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gsm"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1672169500-1379965466-4172762066-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpg"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.m15"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.m1a"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.m2a"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.m4a"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.m4b"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.m4p"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.m75"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mpv"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pics"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.qcp"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.qtpf"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sd2"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sdv"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sfil"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.smf"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sml"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.swa"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ulw"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.vfw"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
[HKEY_USERS\S-1-5-21-1672169500-1379965466-4172762066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-08 22:37
ComboFix-quarantined-files.txt 2009-05-08 19:37
Pre-Run: 111,884,914,688 bytes free
Post-Run: 111,870,627,840 bytes free
480
 
تأييد 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:22 م, on 08/05/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerServer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DELL\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Users\Vista\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DellRemote] "C:\Dell\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WMPControllerService - Gyration, Inc. - C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerService.exe
--
End of file - 5109 bytes
 
تأييد 0
تمام ...

حدد هذه القيمة و سوي لها أصلاح ...

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

طريقة الأصلاح ...


mg%20%283%29.png




mg%20%284%29.png



ثم نزل هذه الاداة واتبع الشرح التالي


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


او

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




التوافق : ويندوز اكسبيفقط



شرح الاستخدام ,,,,,,


عند تشغيل ملف الاداة تظهر لك هذه الشاشه ,, انتظر ( وتابع مع الصور )

000.png




001.png




وعند ظهور هذه الشاشه ,, اضغط على Close ليتم اعادة تشغيل جهازك (( لتكملة عملية التنظيف ))



002.png


و بعد أعادة التشغيل هات تقرير جديد ...
 
التعديل الأخير بواسطة المشرف:
توقيع : MMA_LORD_735
تأييد 0
التوافق : ويندوز اكسبيفقط
أنقر للتوسيع...
اخووي جهازي فيستا يعني مايصلح استعمل الاداه صح

 
تأييد 0
Platform: Windows Vista SP1 (WinNT 6.00.1905)
أنقر للتوسيع...
عذرا ً منك يالغلا ...

ضغط الموضيع خلاني أنسى :( ...

المهم تفضلى هذه الأداة ...


يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي




wh_15149054.png


و بعدها تقرير جديد ...
 
التعديل الأخير بواسطة المشرف:
توقيع : MMA_LORD_735
تأييد 0
اوكيه اخوي عادي

المهم اخوي لمن جيت ابي اعمل اصلاح يطلع معي كذا



i11086_.gif
 
تأييد 0
لرفع

لرفع
 
تأييد 0
طيب اختار القيمه

واضغط اصلاح كما في الشرح

واذا جتك الرساله اختار موافق < مع العلم انها لا تأتي بالعادة

وهات هايجاك جديد
 
توقيع : أعتز بك
تأييد 0
ضغطة موافق وطلعت لي كثير

المهم هذا الهاجك الجديد


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:13 ص, on 09/05/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerServer.exe
C:\DELL\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Vista\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DellRemote] "C:\Dell\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WMPControllerService - Gyration, Inc. - C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerService.exe
--
End of file - 5283 bytes
 
تأييد 0
القيمة لم تنحذف

قم بتحمل أداة الهايجاك من جديد وتفضل من هنا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


وعمل ما ذكر مسبق
 
توقيع : أعتز بك
تأييد 0
واذا ما نفع

أستخدمها بالوضع الآمن

طريقة الدخول الى الوضع الامن (Safe Mode)

اضغط باستمرار على زر f8


wh_62195183.png


ستاتيك شاشة فيهاا عدة خيارات اختر منهاا

safemode

wh_39783481.png



ثم اختر التالي

wh_12507056.png



wh_11747871.png



من الشاشة التالية اختر حساب الادمن او اي حساب تريد


wh_85829423.png



اخيرا اضغط موافق للدخول لسطح المكتب


wh_64184495.png



بالتوفيق
 
توقيع : أعتز بك
تأييد 0
عملتها ع وضع السيف مود وكأنها انحذفت

هذاالتقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:06:41 ص, on 09/05/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\DELL\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\taskeng.exe
C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerServer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Vista\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DellRemote] "C:\Dell\Utilities\Dell Premium Remote Control\WMPRemoteTray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WMPControllerService - Gyration, Inc. - C:\DELL\Utilities\Dell Premium Remote Control\WMPControllerService.exe
--
End of file - 5176 bytes
 
تأييد 0
طيب يا الغلا

القيمه أنحذفت

وتفضل هذا الموضوع

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


وبعدها

حمل الاداة التالية

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


وأغلق جميع البرامج

قم بتعطيل استعادة النظام كما في الشرح

i10673_.gif


شغلها فتظهر لك واجهة الاداة

اختر خيار التنظيف فتظهر شاشة الدوس للفحص

اتركها حتى تنتهي ويظهر التقرير

انسخه والصقه بمشاركتك القادمة
 
توقيع : أعتز بك
تأييد 0
طيب اخوي شوف الي طلع معي


i11092_.gif



يعني ماطلع مثل الصوره الي بالموضوع


zyzoom-8d590409c6.png
 
تأييد 0
أخي جهازك سليم من ملفات التجسس

الصوره اللي بنفس الموضوع عند وجود ملفات تجسس نقوم بتنظيفها

اما جهازك الحمد الله ما في شي

واذا مصر للتأكد تفضل هذا البرنامج

لعمل فحص للجهاز وحماية جهازك وانا انصحك به

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


بالتوفيق
 
توقيع : أعتز بك
تأييد 0
طيب اخوي جاري التحمبل
 
تأييد 0
طيب اخوي انا حملت البرنامج وطلع معي فايروس واحد وحذفته

المهم انا لمن احط تشغيل system.ini

يطلع معي

; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]



والي قريت بموضوع لمن يطلع 0WOA

يكون فيه ملفات تجسس يعني جهازي فيه ولا نظيف وهذا الي اتمناه
 
تأييد 0
مرحبا ًَ ...

أخي هات تقرير هايجك جديد ...

و بخصوص الأمر لـsystem.ini

لا تصدق هذا الكلام ...

شفته كثير و بكثير موضيع ...

حتى انا طلعت عندي القيمة !! ...

يعني جهازي مختراق ؟ << خـــسى هههه ...

هات تقرير هايجك جديد ...

و بلنسبة للموضوع الذي عطاك ياه العزيز " أعتز بك " ...

ياليت تشوف ملاحظلاتي داخل الموضوع ...

<< أنتبه تحزف كراك أو باتش ...
 
توقيع : MMA_LORD_735
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى