تم إيقاف المشاركات وأصبح مركز بوابة العرب التعليمي للتصفح فقط

زهير2001 · #1 11-12-2009, 08:00 PM

السلام عليكم

جهازي محمول ويندوز فيتسا .... قبل كم يوم حملت برنامج مراقبة الجهاز اسم البرنامج Expert home ومن بعد ما حملت هذا البرنامج والجهاز بطيء مشاكل بالمتصفح المهم حاولت احذف هذا البرنامج ولكن ما وجدت له ملف حذف وذهبت الي الريجستري وبحث عن اسم البرنامج بالريجستري وكتبت expert home ولكن لم يعطيني اي نتائج

واليكم تقرير برنامج الهجيك

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:00:02 م, on 11/12/09
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.ex e
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Zohir\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\s wg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [expmon] C:\Windows\expmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: إ&عدادات Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} (FontDownloaderIE Class) - http://www.qurancomplex.org/downloads/FontDown.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} (AbImporter Class) - http://v.netlogstatic.com/v3.00/782/...opImporter.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c91142cff0744c) (gupdate1c91142cff0744c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS. exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardware ResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16427 bytes

faneea · #2 11-12-2009, 10:26 PM

السلام عليكم و رحمه الله و بركاته
طريقة حذف برنامج لايوجد له مسار من أضافة وأزالة

http://www.mowafak.org/html/uninstal...ssing_on_.html

طبق التالي كله و ضع كل التقارير هنا
http://edu.arabsgate.com/showpost.ph...48&postcount=2

زهير2001 · #3 13-12-2009, 06:23 PM

اخي فينا شكرا لك على تجاوبك وبالنسبة للحذف من الريجستري تتبعت الامتداد الذي اخبرتني بالشرح ولكن بالاخير ما وجدت ملف البرنامج ....

وبالنسبة للتقرير

ComboFix 09-09-16.05 - Zohir 12/13/2009 18:02.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1256.966.1025.18.3062.1713 [GMT 3:00]
Running from: c:\users\Zohir\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-11-13 to 2009-12-13 )))))))))))))))))))))))))))))))
.

2009-12-13 15:03 . 2009-12-13 15:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-13 15:03 . 2009-12-13 15:03 -------- d-----w- c:\users\Other\AppData\Local\temp
2009-12-13 15:03 . 2009-12-13 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-11 17:59 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 17:59 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 17:59 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 16:50 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 18:35 . 2009-12-08 18:35 -------- d-----w- c:\users\Zohir\AppData\Roaming\URSoft
2009-12-08 18:34 . 2009-12-08 18:47 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-12-08 18:03 . 2009-12-08 18:22 -------- d-sh--w- c:\windows\exprep
2009-12-08 18:03 . 2009-12-08 18:03 97792 ----a-w- c:\windows\expmon.exe
2009-12-08 18:03 . 2009-12-08 18:03 706 ----a-w- c:\windows\sxlib32.dat
2009-12-08 18:03 . 2009-12-08 18:03 1486336 ----a-w- c:\windows\sxgui32.dll
2009-12-08 18:03 . 2009-12-08 18:03 16896 ----a-w- c:\windows\sxexp32.dll
2009-12-08 18:03 . 2009-12-08 18:03 1213440 ----a-w- c:\windows\sfxlib32.dll
2009-11-29 19:18 . 2009-11-29 19:18 -------- d-----w- C:\Temp
2009-11-29 19:02 . 2009-11-29 19:06 -------- d-----w- c:\program files\Unlocker
2009-11-29 15:16 . 2009-04-30 00:38 291152 ----a-w- c:\windows\system32\mscoree.dll
2009-11-29 15:16 . 2009-04-30 00:38 1083720 ----a-w- c:\windows\system32\dfshim.dll
2009-11-29 15:16 . 2009-04-30 00:38 76648 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-11-29 15:16 . 2009-04-30 00:38 404320 ----a-w- c:\windows\system32\PresentationHost.exe
2009-11-29 10:18 . 2009-11-29 10:18 -------- d-----w- c:\users\Zohir\AppData\Roaming\Malwarebytes
2009-11-29 10:18 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 10:18 . 2009-11-29 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 10:18 . 2009-11-29 10:18 -------- d-----w- c:\programdata\Malwarebytes
2009-11-29 10:18 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 18:47 . 2009-11-28 18:47 -------- d-----w- c:\programdata\SweetIM
2009-11-26 09:59 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-26 09:55 . 2009-11-26 09:55 79368 ----a-w- c:\users\Other\AppData\Roaming\Real\Update\setup3. 09\RUP\vista.exe
2009-11-26 09:55 . 2009-11-26 09:55 64000 ----a-w- c:\users\Other\AppData\Roaming\Real\Update\setup3. 09\RUP\inst_config\gcapi_dll.dll
2009-11-26 09:55 . 2009-11-26 09:55 52288 ----a-w- c:\users\Other\AppData\Roaming\Real\Update\setup3. 09\RUP\inst_config\gtapi.dll
2009-11-26 09:55 . 2009-11-26 09:55 50688 ----a-w- c:\users\Other\AppData\Roaming\Real\Update\setup3. 09\RUP\inst_config\fftbapi.dll
2009-11-26 09:55 . 2009-11-26 09:55 118784 ----a-w- c:\users\Other\AppData\Roaming\Real\Update\setup3. 09\RUP\inst_config\compat.dll
2009-11-25 21:18 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 21:18 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 21:10 . 2009-11-25 21:10 439816 ----a-w- c:\users\Other\AppData\Roaming\Real\Update\setup3. 09\setup.exe
2009-11-18 14:52 . 2009-11-18 14:52 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 09:15 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-18 09:14 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-18 09:14 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-18 09:14 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-12-13 15:02 . 2009-05-09 17:50 45902 ----a-w- c:\windows\system32\perfc001.dat
2009-12-13 15:02 . 2009-05-09 17:50 179574 ----a-w- c:\windows\system32\perfh001.dat
2009-12-13 14:53 . 2008-02-16 21:41 6396 ----a-w- c:\windows\bthservsdp.dat
2009-12-13 14:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-11 17:54 . 2009-02-08 19:48 -------- d-----w- c:\users\Zohir\AppData\Roaming\uTorrent
2009-12-07 15:10 . 2009-07-22 20:48 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-01 10:12 . 2008-09-07 23:37 -------- d-----w- c:\program files\Google
2009-11-28 23:09 . 2008-09-08 16:36 -------- d-----w- c:\programdata\Babylon
2009-11-28 18:47 . 2008-09-01 17:04 -------- d-----w- c:\users\Zohir\AppData\Roaming\DMCache
2009-11-21 06:40 . 2009-12-11 16:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-11 16:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-11 16:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-11 16:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 14:47 . 2009-11-18 14:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_ 07_00.Wdf
2009-11-18 14:46 . 2009-11-18 14:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_ 00.Wdf
2009-11-18 08:44 . 2008-09-22 17:09 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-12 19:20 . 2008-10-30 19:35 368192 ----a-w- c:\users\Other\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-12 15:48 . 2009-11-12 10:56 -------- d-----w- c:\users\Zohir\AppData\Roaming\AlMAdinahMushaf
2009-11-12 15:39 . 2008-08-30 10:04 368192 ----a-w- c:\users\Zohir\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-12 10:56 . 2009-11-12 10:56 -------- d-----w- c:\programdata\InstallShield
2009-11-12 10:56 . 2009-11-12 10:55 -------- d-----w- c:\program files\مصحف المدينة النبوية
2009-11-12 10:56 . 2008-02-16 22:54 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-12 10:56 . 2008-02-16 22:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-02 17:42 . 2009-10-16 13:00 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02 . 2009-11-18 09:15 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 09:15 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 09:15 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 09:15 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 09:15 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 09:15 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 09:15 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 09:15 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 09:15 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 09:15 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.d ll
2009-10-01 01:01 . 2009-11-18 09:15 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 09:15 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 09:15 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 09:15 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-18 09:15 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-18 09:16 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-18 09:16 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-18 09:16 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-18 09:16 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-18 09:16 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-18 09:16 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-18 09:16 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-18 09:16 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-18 09:16 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-18 09:16 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-18 09:16 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-18 09:16 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-18 09:16 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-18 09:16 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-18 09:16 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-18 09:16 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-18 09:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-18 09:16 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-18 09:16 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-18 09:16 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-18 09:16 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-18 09:16 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-18 09:16 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-18 09:16 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-18 09:16 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-18 09:16 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-18 09:16 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2008-11-18 11:41 . 2008-08-20 16:03 39424 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2006-10-11 08:04 . 2008-11-09 09:02 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-11-09 09:02 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-11-09 09:02 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-11-09 09:02 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-11-09 09:02 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-07-24 14:29 . 2009-07-24 14:29 88 --sh--r- c:\windows\System32\3DE1336FFC.sys
2009-07-24 14:30 . 2009-07-24 14:29 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-12-13_14.48.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-12-13 14:56 76092 c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
- 2008-01-21 01:58 . 2009-12-13 14:08 76092 c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
- 2006-11-02 13:05 . 2009-12-13 14:08 96816 c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2006-11-02 13:05 . 2009-12-13 14:56 96816 c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
- 2008-08-30 10:03 . 2009-12-13 14:08 16456 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3341374015-472329702-1645681874-1000_UserData.bin
+ 2008-08-30 10:03 . 2009-12-13 14:56 16456 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3341374015-472329702-1645681874-1000_UserData.bin
- 2008-08-30 09:54 . 2009-12-13 14:14 32768 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-30 09:54 . 2009-12-13 14:57 32768 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-30 09:54 . 2009-12-13 14:57 49152 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-30 09:54 . 2009-12-13 14:14 49152 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-30 09:54 . 2009-12-13 14:57 32768 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2008-08-30 09:54 . 2009-12-13 14:14 32768 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2008-09-27 19:22 . 2009-12-13 14:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-27 19:22 . 2009-12-13 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
- 2008-09-27 19:22 . 2009-12-13 14:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-27 19:22 . 2009-12-13 14:54 32768 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-27 19:22 . 2009-12-13 14:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
+ 2008-09-27 19:22 . 2009-12-13 14:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
- 2009-12-13 14:05 . 2009-12-13 14:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
+ 2009-12-13 14:54 . 2009-12-13 14:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
- 2009-12-13 14:05 . 2009-12-13 14:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2009-12-13 14:54 . 2009-12-13 14:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2006-11-02 10:33 . 2009-12-13 15:02 676136 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-13 14:45 676136 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-12-13 14:45 131208 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-12-13 15:02 131208 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:22 . 2009-12-13 14:53 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-12-13 14:17 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\AO LOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-10-17 39408]
"Device Detector"="DevDetect.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-08 835584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2007-09-19 137752]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-13 45056]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-07-22 209153]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"expmon"="c:\windows\expmon.exe" [2009-12-08 97792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-06 4423680]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-06 1822720]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-2-28 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^AOL DDI.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOL DDI.lnk
backup=c:\windows\pss\AOL DDI.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):db,48,91,22,5c,33,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{6A515FB2-6FC9-4636-A24B-605D4FFC1B70}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:Loca tionFree Player
"{287786BA-32F9-4413-86EB-97EDEF044419}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:Loca tionFree Player
"{A44374D3-24CC-4449-A35F-CAC9C7404F4F}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{C6D23D7B-2826-4186-91D5-EE4DB89169F5}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{7C6E00E3-6B2B-440E-A98E-8DE65A1BE6CF}"= UDP:c:\windows\System32\ftp.exe:File Transfer Protocol
"{D0A5F216-72CA-4F20-BB1E-40B73774928C}"= TCP:c:\windows\System32\ftp.exe:File Transfer Protocol
"{3C3494F6-4E5A-46F0-B3EB-969650A39227}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D0E80917-01B5-4433-BB92-B72FD4F1376F}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{91626CC9-C889-47B8-BFCE-D5D64B58087F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{79769AAB-390C-48E4-A50D-3FB2C4F8EBEF}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D3C4C6FC-C2A3-42A7-B006-AACDFA1A84DB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{74593CAF-F31F-41D5-96A2-6C4506345E59}"= TCP:67

HCP Discovery Service
"{DDFF27A0-56C3-4F2A-AC62-66170C9AC473}"= UDP:c:\program files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{5EBDD41F-74AD-4166-957D-A10084657874}"= TCP:c:\program files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{8907BDE3-7BBC-4CEC-B6DF-64EB91C96AA3}"= UDP:443

oVoo TCP المنفذ 443
"{D0B5A370-B10C-4CEA-8EB6-AD6EC4F1A96B}"= TCP:443

oVoo UDP المنفذ 443
"{2D5D2B03-A817-4254-934C-7ACEA2C97C9D}"= UDP:37674

oVoo TCP المنفذ 37674
"{F512EBBD-7803-43C4-863F-F826DBA79AD6}"= TCP:37674

oVoo UDP المنفذ 37674
"{94CA1C6D-3035-4FDA-82DE-9787166F52A4}"= TCP:37675

oVoo UDP المنفذ 37675
"{3B2BF54D-119B-4CA3-A874-C520CBCD1CFB}"= UDP:990:LocalSubnet:LocalSubnet|IF={5F191BE8-FF72-4098-826D-F5A8185D92EA}|%SystemRoot%\system32\svchost.exe|Sv c=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{2B6BBBA8-2F2F-4E16-8F94-0D323B779970}"= UDP:990:LocalSubnet:LocalSubnet|IF={5F191BE8-FF72-4098-826D-F5A8185D92EA}|%SystemRoot%\system32\svchost.exe|Sv c=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 avfwot;avfwot;c:\windows\System32\drivers\avfwot.s ys [22/07/09 11:48 م 97608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [22/07/09 11:48 م 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [22/07/09 11:48 م 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/07/09 11:48 م 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [22/07/09 11:48 م 434945]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/07 07:09 ص 11032]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [17/04/09 06:11 م 185640]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [28/02/08 08:32 م 125440]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [03/09/08 08:59 م 333088]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilte r.sys [28/02/08 08:32 م 17920]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\System32\drivers\avfwim.sys [22/07/09 11:48 م 69632]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [17/02/08 12:55 ص 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [17/02/08 01:02 ص 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [17/02/08 01:02 ص 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [17/02/08 01:03 ص 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21 sony.sys [17/02/08 01:03 ص 818688]
S2 gupdate1c91142cff0744c;Google Update Service (gupdate1c91142cff0744c);c:\program files\Google\Update\GoogleUpdate.exe [08/09/08 02:37 ص 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [10/03/09 07:53 م 84832]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\ v4.0.20506\mscorsvw.exe [06/05/09 09:08 ص 104272]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/08 05:23 ص 21504]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\dr ivers\mbamswissarmy.sys [29/11/09 01:18 م 38224]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [28/02/08 08:45 م 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [28/02/08 08:45 م 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [28/02/08 08:45 م 1089536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [17/02/08 02:05 ص 79136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bdx REG_MULTI_SZ scan
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\H]
\shell\AutoRun\command - h:\autorun\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{208dc216-6976-11de-909d-001a80cc17de}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{28aa0548-76fd-11de-930f-001a80cc17de}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{9e0b7446-fea0-11dd-a18b-001e3d88c3c4}]
\shell\AutoRun\command - v0s.cmd
\shell\explore\Command - v0s.cmd
\shell\open\Command - v0s.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e8fb3f17-7766-11dd-9603-001e3d88c3c4}]
\shell\AutoRun\command - v0s.cmd
\shell\explore\Command - v0s.cmd
\shell\open\Command - v0s.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f1eb0208-76cb-11dd-8ac7-806e6f6e6963}]
\shell\AutoRun\command - F:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-07 14:08]

2009-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-07 14:08]

2009-12-13 c:\windows\Tasks\User_Feed_Synchronization-{2FA040A8-9DCA-473B-9BEF-CAEFA272683B}.job
- c:\windows\system32\msfeedssync.exe [2009-12-11 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
IE: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEExt.htm
IE: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - hxxp://www.qurancomplex.org/downloads/FontDown.cab
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - hxxp://v.netlogstatic.com/v3.00/782//s/m/oz/OzDesktopImporter.cab
FF - ProfilePath - c:\users\Zohir\AppData\Roaming\Mozilla\Firefox\Pro files\8swm0ami.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\progra~1\MOZILL~1\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.o rg\components\qfaservices.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff2\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\npr pbrowserrecordplugin.dll
FF - component: c:\users\Zohir\AppData\Roaming\IDM\idmmzcc2\compon ents\idmmzcc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&m ozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 18:04
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bmp"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.*c*t*t* \OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fff"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.gif"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iff"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2k"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpc"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpg"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mef"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcd"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pgm"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.png"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ppm"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psd"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psp"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspimage"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raw"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.srf"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tif"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xmp"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):92,60,b2,f0,7a,4a,ea,0a,b4,3a,3d,0 4,b7,09,46,da,df,cd,b1,8d,a0,
8d,12,98,ff,94,45,0d,34,ab,91,cb,59,a5,17,70,90,11 ,07,bd,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-3341374015-472329702-1645681874-1000_Classes\CLSID\{9e333e8b-7c62-430c-8e2d-8a82b0a3afe0}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000136
"Therad"=dword:0000001c
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5 ,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,d5,09,1e,b8,c2,ef ,57,91,f4,0a,36,98,ab,67,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3892)
c:\ddi\overicon.dll
.
Completion time: 2009-12-13 18:06
ComboFix-quarantined-files.txt 2009-12-13 15:06
ComboFix2.txt 2009-12-13 14:51
ComboFix3.txt 2008-11-08 16:25

Pre-Run: 62,779,609,088 bytes free
Post-Run: 62,745,448,448 bytes free

729 --- E O F --- 2009-12-11 18:03

faneea · #4 13-12-2009, 06:46 PM

نصبت البرنامج عندي
لفتح البرنامج
تضغط
alt+ctrl+shf+a
a اذا انت لم تغيرها اثناء التنصيب
تكتب الباسور الذي وضعته اثناء التنصيب
من النافذه التي تفتح عندك تختارDelete
تفتح عندك نافذه جديده تضع تضع صح على الخيارين و تكمل حذف البرنامج

زهير2001 · #5 13-12-2009, 07:04 PM

شكرا لك اخي فينا نعم طبقت هذه الطريقة لحذف البرنامج طبقتها اكثر من مره ولكن يعطيني رساله يقول تم رفض الاوصول ويعطيني امتدد البرنامج

والان تعرف ماهي المشكلة اكبر مشكلة تواجهني الان بالكمبيوتر مشاكل المتصفح وهي الرساله التي اتعبتني حدث مشكلة بالمتصفح هل تريدي حل المشكلة او اغلاق الاكسبلورر

faneea · #6 13-12-2009, 09:10 PM

تعيد تنصيبه ثم تحذفه

المواضيع المتشابهه
الموضوع	كاتب الموضوع	المنتدى	مشاركات	آخر مشاركة
49 برنامج معرب	MY $O$O	الأرشــيــف	17	03-03-2002 11:32 PM

أدوات الموضوع
مشاهدة صفحة طباعة الموضوع أرسل هذا الموضوع إلى صديق