[ تم حل المشكله ] شكوك حول إصابة الجهاز..!

[albavary_13]

السلام عليكم ورحمة الله وبركاته​

جزاكم الله الف خير​

ورحم الله والديكم​

السالفة​

جات لأخوي إضافه على الإيميل من شخص غريب​

على كلام اخوي​

إن الشخص الغريب حاول يسوي مكالة فيديو ويرسل صور لاكن اخوي كان يكنسلها​

لاكن تم تصوير كم صوره من الكاام وتم وضعها على صورته الرمزية كيف ما ادري​

فشكيت إن إخترق الجهاز​

فسويت تقرير هايجاك فكانت هذه النتيجة​

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:28:42 م, on 30/06/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal​

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Users\hp\Desktop\تطبيقات\عااااااااااااام\kingooo_hijackthis_aio.exe
C:\Users\hp\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\hp\Desktop\تطبيقات\عااااااااااااام\Zyzoom_HijackThis.exe
C:\Program Files\Avant Browser\avant.exe​

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CheckRegDefragService] "C:\PROGRA~1\Registry Compressor\rbcs.exe" -autorun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe​

--
End of file - 7319 bytes​

واشك إن الإصابة في​

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe​

O4 - HKLM\..\Run: [CheckRegDefragService] "C:\PROGRA~1\Registry Compressor\rbcs.exe" -autorun​

هل علي حذفها ام لا..؟

وبعدها عملت تقرير اداة combofix​

ComboFix 09-06-29.07 - hp 07/01/2009 0:49.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.966.1033.18.3068.2162 [GMT 1:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.​

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.​

2009-07-01 00:00 . 2009-07-01 00:00 -------- d-----w- c:\users\hp\AppData\Local\temp
2009-06-30 01:30 . 2009-06-30 01:31 -------- d-----w- C:\QUARANTINE
2009-06-29 23:15 . 2009-06-29 23:15 -------- d-----w- c:\programdata\McAfee
2009-06-29 04:46 . 2009-06-29 04:46 -------- d-----w- c:\users\hp\AppData\Local\ACD Systems
2009-06-29 04:46 . 2009-06-29 04:46 -------- d-----w- c:\users\hp\AppData\Roaming\ACD Systems
2009-06-29 04:44 . 2009-06-29 04:44 -------- d-----w- c:\programdata\ACD Systems
2009-06-29 04:44 . 2009-06-29 04:44 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-06-29 04:44 . 2009-06-29 04:44 -------- d-----w- c:\program files\ACD Systems
2009-06-29 04:40 . 2009-06-29 04:40 -------- d-----w- c:\users\hp\AppData\Local\Downloaded Installations
2009-06-28 03:02 . 2009-06-28 03:02 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-28 02:56 . 2009-06-28 02:56 -------- d-----w- c:\program files\My Company
2009-06-26 22:18 . 2009-06-26 22:18 62728 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2009-06-26 22:18 . 2009-06-26 22:18 43784 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2009-06-26 22:18 . 2009-06-26 22:18 365832 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2009-06-26 22:18 . 2009-06-26 22:18 201992 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Update distribution\AutoPatches\kav8exec\8.0.0.357\avp.exe
2009-06-26 22:18 . 2009-06-26 22:18 176656 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\scrchpg.dll
2009-06-26 22:18 . 2009-06-26 22:18 38416 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\x64\klbg.sys
2009-06-26 22:17 . 2009-06-26 22:18 247312 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista64\klif.sys
2009-06-26 22:17 . 2009-06-26 22:17 218640 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP64\klif.sys
2009-06-26 22:17 . 2009-06-26 22:17 226832 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-26 22:17 . 2009-06-26 22:17 230032 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\w2000\klif.sys
2009-06-26 22:16 . 2009-06-26 22:16 176656 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\scrchpg.dll
2009-06-26 22:16 . 2009-06-26 22:16 44808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-06-26 22:16 . 2009-06-26 22:16 206088 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-06-26 22:16 . 2009-06-26 22:16 38416 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\x64\klbg.sys
2009-06-26 22:16 . 2009-06-26 22:16 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-06-26 22:16 . 2009-06-26 22:16 227856 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista64\klif.sys
2009-06-26 22:15 . 2009-06-26 22:16 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys
2009-06-26 22:15 . 2009-06-26 22:15 202768 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP64\klif.sys
2009-06-26 22:15 . 2009-06-26 22:15 213520 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\XP\klif.sys
2009-06-26 22:15 . 2009-06-26 22:15 215824 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\w2000\klif.sys
2009-06-26 22:15 . 2009-06-26 22:15 38416 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\klbg.sys
2009-06-26 22:15 . 2009-06-26 22:15 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-06-26 22:15 . 2009-06-26 22:15 227856 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\Vista64\klif.sys
2009-06-26 22:15 . 2009-06-26 22:15 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\Vista\klif.sys
2009-06-26 22:15 . 2009-06-26 22:15 202768 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP64\klif.sys
2009-06-26 22:15 . 2009-06-26 22:15 213520 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-06-26 22:15 . 2009-06-26 22:15 215824 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\w2000\klif.sys
2009-06-26 22:14 . 2009-06-26 22:14 22792 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\vkbd64.dll
2009-06-26 22:14 . 2009-06-26 22:14 176656 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\scrchpg.dll
2009-06-26 22:14 . 2009-06-26 22:14 60168 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\x64\ievkbd.dll
2009-06-26 22:14 . 2009-06-26 22:14 21256 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\vkbd.dll
2009-06-26 22:14 . 2009-06-26 22:14 861448 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-06-26 22:13 . 2009-06-26 22:13 83208 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\mzvkbd.dll
2009-06-26 22:13 . 2009-06-26 22:13 62728 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ievkbd.dll
2009-06-26 22:13 . 2009-06-26 22:13 43784 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\fssync.dll
2009-06-26 22:13 . 2009-06-26 22:13 365832 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\ckahum.dll
2009-06-26 22:12 . 2009-06-26 22:12 201992 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\avp.exe
2009-06-24 01:49 . 2009-06-24 01:49 -------- d-----w- c:\programdata\Trymedia
2009-06-21 13:09 . 2009-06-21 13:09 -------- d-----w- c:\users\hp\AppData\Local\Adobe
2009-06-20 20:56 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll
2009-06-20 20:56 . 2008-01-10 12:15 755027 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-20 20:56 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-20 20:56 . 2008-07-23 16:50 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-06-20 20:56 . 2008-01-10 12:16 159839 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-20 20:56 . 2008-07-25 08:34 81920 ----a-w- c:\windows\system32\dpl100.dll
2009-06-20 20:56 . 2008-07-25 08:34 683520 ----a-w- c:\windows\system32\divx.dll
2009-06-20 20:56 . 2008-06-12 18:36 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-20 20:56 . 2009-06-20 20:56 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-16 22:05 . 1999-09-10 11:06 5600 ----a-w- c:\windows\system\winaspi.dll
2009-06-16 22:05 . 1999-09-10 11:06 4672 ----a-w- c:\windows\system\wowpost.exe
2009-06-16 22:05 . 1999-09-10 11:06 45056 ----a-w- c:\windows\system32\wnaspi32.dll
2009-06-16 22:05 . 1999-09-10 11:06 25244 ----a-w- c:\windows\system32\drivers\aspi32.sys
2009-06-12 22:43 . 2009-06-12 22:43 -------- d-----w- c:\users\hp\AppData\Local\Innovative Solutions
2009-06-12 22:42 . 2009-06-12 22:42 -------- d-----w- c:\program files\Innovative Solutions
2009-06-10 23:48 . 2009-01-09 11:46 39776 ----a-w- c:\windows\system32\DfSdkBt64.exe
2009-06-10 23:48 . 2009-01-09 11:46 33632 ----a-w- c:\windows\system32\DfSdkBt.exe
2009-06-10 23:48 . 2009-06-10 23:48 -------- d-----w- c:\program files\Ashampoo
2009-06-10 14:32 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-05 19:09 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-06-05 17:35 . 2009-06-05 17:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-05 17:35 . 2009-06-05 17:35 -------- d-----w- c:\program files\Java
2009-06-02 10:44 . 2009-06-02 10:44 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-01 16:44 . 2009-06-01 16:44 45568 ----a-w- c:\windows\system32\YM11AUTH.DLL
2009-06-01 16:20 . 2004-01-29 13:32 132608 ----a-w- c:\windows\system32\TLBINF32.DLL
2009-06-01 11:15 . 2009-06-01 11:15 -------- d-----w- c:\users\hp\AppData\Roaming\Avant Profiles
2009-06-01 11:15 . 2009-06-01 11:15 -------- d-----w- c:\program files\Avant Browser
2009-06-01 10:58 . 2009-06-01 13:23 -------- d-----w- c:\users\hp\AppData\Roaming\TeamViewer
2009-06-01 10:58 . 2009-06-01 10:58 -------- d-----w- c:\program files\TeamViewer
2009-06-01 10:57 . 2009-06-01 10:57 -------- d-----w- c:\users\hp\temp​

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 23:27 . 2009-04-14 15:22 -------- d-----w- c:\programdata\Kaspersky Lab
2009-06-30 23:27 . 2009-04-13 03:11 42274 ----a-w- c:\programdata\nvModes.dat
2009-06-30 17:40 . 2009-04-23 21:03 704544 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-30 17:40 . 2009-04-23 21:03 4902944 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-30 17:40 . 2009-04-23 21:03 4536 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-30 17:40 . 2009-04-23 21:03 41480 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-30 17:40 . 2009-04-14 10:19 1660 ----a-w- c:\windows\bthservsdp.dat
2009-06-30 16:00 . 2009-04-18 23:40 -------- d-----w- c:\users\hp\AppData\Roaming\DMCache
2009-06-30 02:17 . 2009-04-18 23:40 -------- d-----w- c:\users\hp\AppData\Roaming\IDM
2009-06-28 21:20 . 2009-04-12 21:39 98832 ----a-w- c:\users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 03:02 . 2009-04-12 21:56 -------- d-----w- c:\program files\Common Files\Real
2009-06-28 02:58 . 2009-04-12 21:56 -------- d-----w- c:\program files\Real
2009-06-26 22:18 . 2009-04-23 21:27 206088 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-06-26 22:18 . 2009-04-23 21:27 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-26 22:17 . 2009-04-23 21:27 239120 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\Vista\klif.sys
2009-06-21 23:47 . 2009-04-12 21:55 -------- d-----w- c:\program files\Real_SC
2009-06-21 13:48 . 2008-07-02 18:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-21 03:04 . 2008-07-02 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-11 15:42 . 2009-05-28 21:33 -------- d-----w- c:\users\hp\AppData\Roaming\uTorrent
2009-06-11 15:38 . 2009-04-18 23:40 -------- d-----w- c:\program files\Internet Download Manager
2009-06-11 00:40 . 2009-04-20 09:43 1356 ----a-w- c:\users\hp\AppData\Local\d3d9caps.dat
2009-06-10 23:57 . 2009-04-12 21:55 -------- d-----w- c:\program files\GRETECH
2009-06-10 23:56 . 2009-04-12 21:56 -------- d-----w- c:\programdata\Skype
2009-06-10 23:54 . 2008-07-02 17:57 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 19:16 . 2008-07-02 18:21 -------- d-----w- c:\program files\MSN Messenger
2009-06-05 17:00 . 2008-07-02 17:06 -------- d-----w- c:\programdata\Symantec
2009-06-05 17:00 . 2008-07-02 17:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-05 14:24 . 2008-07-02 17:41 -------- d-----w- c:\programdata\WildTangent
2009-06-04 16:37 . 2009-04-23 22:14 -------- d-----w- c:\program files\Common Files\delet
2009-06-01 12:40 . 2009-04-12 19:33 -------- d-----w- c:\users\hp\AppData\Roaming\Hewlett-Packard
2009-06-01 12:33 . 2008-07-02 17:41 -------- d-----w- c:\programdata\Hewlett-Packard
2009-05-28 21:33 . 2009-05-28 21:33 -------- d-----w- c:\program files\uTorrent
2009-05-28 21:09 . 2009-05-28 20:57 -------- d-----w- c:\program files\BitComet
2009-05-28 17:07 . 2009-04-14 10:36 -------- d-----w- c:\program files\UltraISO
2009-05-28 17:07 . 2009-05-28 17:07 -------- d-----w- c:\program files\Common Files\EZB Systems
2009-05-27 12:47 . 2009-05-27 08:59 -------- d-----w- c:\program files\Registry Compressor
2009-05-27 09:21 . 2009-05-27 08:47 -------- d-----w- c:\program files\Registry Fast
2009-05-27 09:12 . 2009-05-27 09:12 4 ----a-w- c:\windows\RegDefrag.dat
2009-05-20 14:53 . 2009-05-20 14:53 -------- d-----w- c:\program files\LSI SoftModem
2009-05-19 23:34 . 2009-04-23 21:05 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-19 23:34 . 2009-04-23 21:05 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-15 13:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-15 13:00 . 2009-04-23 20:45 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-09 05:50 . 2009-06-10 14:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 14:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-06 12:04 . 2009-04-19 07:50 -------- d-----w- c:\users\hp\AppData\Roaming\CyberLink
2009-05-02 08:51 . 2008-07-02 18:08 -------- d-----w- c:\programdata\Microsoft Help
2009-04-24 01:09 . 2009-04-24 01:09 181680 ----a-w- c:\users\hp\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
2009-04-23 22:22 . 2009-04-23 22:22 7168 ----a-w- c:\users\hp\AppData\Roaming\Thinstall\Microsoft Text-to-Speech Engine 4.0 (English)\4000005e00002i\vcmd.exe
2009-04-23 21:28 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-04-23 12:42 . 2009-06-10 14:33 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 14:33 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 13:22 . 2009-04-17 13:12 14191064 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe
2009-04-14 12:42 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-13 03:53 . 2009-04-13 03:53 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-04-13 03:04 . 2009-04-13 03:04 251 ----a-w- c:\windows\xUninstall.bat
2009-04-12 21:55 . 2009-04-12 21:55 90112 ----a-w- c:\windows\system32\agsaami.dll
2009-04-12 21:55 . 2009-04-12 21:55 610304 ----a-w- c:\windows\system32\agsaamg.dll
2009-04-12 21:55 . 2009-04-12 21:55 2535424 ----a-w- c:\windows\system32\agsaamj.dll
2009-04-12 21:55 . 2009-04-12 21:55 1986560 ----a-w- c:\windows\system32\akll.dll
2009-04-12 21:55 . 2009-04-12 21:55 196608 ----a-w- c:\windows\system32\maag.dll
2009-04-12 21:55 . 2009-04-12 21:55 1245184 ----a-w- c:\windows\system32\bkll.dll
2009-04-12 21:55 . 2009-04-12 21:55 1212416 ----a-w- c:\windows\system32\ckll.dll
2009-04-12 21:55 . 2009-04-12 21:55 372736 ----a-w- c:\windows\system32\agsaamc.dll
2008-07-02 15:47 . 2008-07-02 15:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.​

((((((((((((((((((((((((((((( SnapShot@2009-06-30_16.00.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-06-30 21:01 47656 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-30 23:29 96814 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-13 02:58 . 2009-06-30 23:25 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-13 02:58 . 2009-06-30 15:35 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-13 02:58 . 2009-06-30 23:25 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-13 02:58 . 2009-06-30 15:35 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-13 02:58 . 2009-06-30 15:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-13 02:58 . 2009-06-30 23:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:25 . 2009-06-30 23:35 86016 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-06-30 04:33 86016 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-06-30 23:35 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-06-30 04:33 51200 c:\windows\inf\infpub.dat
- 2009-04-12 19:32 . 2009-06-30 15:39 8114 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1141107431-20116592-1235983860-1000_UserData.bin
+ 2009-04-12 19:32 . 2009-06-30 23:29 8114 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1141107431-20116592-1235983860-1000_UserData.bin
- 2006-11-02 10:33 . 2009-06-30 15:40 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-30 23:31 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-30 15:40 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-30 23:31 101250 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4​

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe" [BU]​

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-04-23 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-05 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]​

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-21 113664]​

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)​

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)​

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv​

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"​

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"​

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001​

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1141107431-20116592-1235983860-1000]
"EnableNotificationsRef"=dword:00000001​

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C4E6962E-6D84-46AD-B9D8-92702FF0DEBD}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{4D529AD3-F180-40FF-8525-6A3CD59D1675}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{D16AAD42-BE38-49A1-A454-15571B2CB52D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A1D6819D-9596-409F-9ECB-BFDC1265B6F6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{C95493F9-D430-4CC4-A169-6F57233F1EF6}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B6A0DF96-7B7A-437E-9EA2-2ECF86A46A51}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E870EF66-C85C-4E65-A3EE-83149BF7C819}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{7F40ACD5-70FB-4CF2-A597-1A856E0A31DF}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9061E82A-E1A5-488C-97D2-917BF078FA53}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{AF230319-67CD-42EE-813E-488B9508097A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E8BFD9F0-1E79-4733-B2B3-F03FE13BC2E9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3EB1AAA1-6DCB-4DDE-9839-8D8CBD5E9AFD}"= UDP:c:\users\hp\Desktop\utorrent-1.8.2.upx.exe:µTorrent (TCP-In)
"{21D931F5-EBAD-41BE-BB97-22D5746B830C}"= TCP:c:\users\hp\Desktop\utorrent-1.8.2.upx.exe:µTorrent (UDP-In)
"{77063AE9-37BA-4FE1-A866-BFABC70EA696}"= UDP:20224:BitComet 20224 TCP
"{F5FD2E5A-165F-40E4-9FDF-C09E045FDB06}"= TCP:20224:BitComet 20224 UDP
"{A221EA86-1AA4-4FB7-8B0E-A4332622D91C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D0934256-2E20-420F-A848-8718031DE9C9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7BCEFC27-19DC-4BD1-B329-4B48667BA06B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{C9F767C7-0662-4D5D-A0C8-3AC6A7EBE6CA}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)​

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/08 05:29 م 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/08 05:28 م 20496]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [13/04/09 04:04 ص 73728]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/08 03:23 ص 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19/03/08 12:24 ص 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [02/07/08 07:25 م 341328]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [28/01/09 08:39 ص 185640]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/08 02:23 م 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [01/04/08 12:14 م 81296]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/08 03:40 م 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23/05/08 04:29 ص 43552]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [02/07/08 06:29 م 193840]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [11/06/09 12:48 ص 410976]​

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ​

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc​

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP​

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -​

HKLM-Run-CheckRegDefragService - c:\progra~1\Registry Compressor\rbcs.exe​

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sa&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى FLV بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
.​

**************************************************************************​

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Rootkit scan 2009-07-01 01:00
Windows 6.0.6001 Service Pack 1 NTFS​

scanning hidden processes ...​

scanning hidden autostart entries ...​

scanning hidden files ...​

scan completed successfully
hidden files: 0​

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1141107431-20116592-1235983860-1000)
"Progid"="ACDSee Photo Manager 2009.png"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000_Classes\CLSID\{324f9563-a9d4-420d-9577-17a56ea7d532}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b2
"Therad"=dword:00000009
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,3a,43,fc,33,ef,2f,e7,91,f6,28,80,c0,85,e2,\​

[HKEY_USERS\S-1-5-21-1141107431-20116592-1235983860-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d7,fc,f0,59,a1,bb,d1,f1,bc,f5,ff,1f,2a,9c,55,c2,d9,fe,80,4e,88,
8d,64,23,a7,4e,65,a6,06,72,f5,36,0b,ed,f3,67,5f,cd,4d,9a,00,00,00,00,00,00,\​

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5​

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-01 1:05
ComboFix-quarantined-files.txt 2009-07-01 00:05
ComboFix2.txt 2009-06-30 16:03​

Pre-Run: 63,769,165,824 bytes free
Post-Run: 63,783,440,384 bytes free​

584 --- E O F --- 2009-06-10 14:39​

أنتظر ردودكم​

 

[Corporation]

جآ‘رٍي التحليـل ..​

 

[Corporation]

أحذف التالي ..

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [CheckRegDefragService] "C:\PROGRA~1\Registry Compressor\rbcs.exe" -autorun

O13 - Gopher Prefix:

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

أحذفهم بالوضع الآمن ..

وللتأكيد أكثر قم بحص الجهـآز بـ أدآة Kaspersky Virus Remove

مع تعطيل استعادة النظآم ..

ووآفنـي بالتقرير للأطلاع ..

موفق ..​

 

[albavary_13]

إذا كان قصدك بالسيف مود ابشر

لاكن جهاازي فستا وإنجليزي وانا ثقافتي فرنسية ^_^

فياليت لو تشرح كيف اعطل اسعتاادة النظام

​

 

[ابـــو عــبــد الــلــه]

بعد اذن المشرف ::: :bleh:​

...​

1- تعطيل نقطة الاستعادة للفيستا​

نضغط بزر الفارة الايمن على جهاز الكمبيوتر ثم نختار خصائص

ثم

ونشيل علامات الصح قدام محركات الاقراص ثم نضغط على موافق

2- ادخل على الموقع حمل برنامج المكافي واعمل فحص كامل للجهازك​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

ثم ارفع التقرير على الموقع التالي​

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

​

 

[albavary_13]

أحذف التالي ..


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local

O4 - HKLM\..\Run: [CheckRegDefragService] "C:\PROGRA~1\Registry Compressor\rbcs.exe" -autorun

O13 - Gopher Prefix:

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

أحذفهم بالوضع الآمن ..

وللتأكيد أكثر قم بحص الجهـآز بـ أدآة Kaspersky Virus Remove

مع تعطيل استعادة النظآم ..

ووآفنـي بالتقرير للأطلاع ..


موفق ..
​

تم

وهذا التقرير

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:00:24 ص, on 01/07/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Users\hp\Desktop\تطبيقات\عااااااااااااام\Zyzoom_HijackThis.exe
C:\Windows\System32\mobsync.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (Confirmation) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
--
End of file - 6911 bytes
​

 

[albavary_13]

للرفع ^_^​

 

[albavary_13]

أنتظر الرد​

 

[البارون]

التقرير سليم

 

[albavary_13]

جزاكم الله خير

ورحم الله والديكم

وتم حل المشكله

^_^​

 

[KoNaMi]

الحمد لله على كل حال

:. يغلق للانتهاء .:
​