يعيد التشغيل '' يوجد صورة''

المصدر: يعيد التشغيل '' يوجد صورة''
في منتدى : منتدى مشاكـل وحلول الحـاسب

بسم الله الرحمن الرحيم

السلام عليكم ورحمة الله وبركاته



مشكلتي اليوم مع إعادة التشغيل الفجائية للجهاز

ورسالة خطأ عند الإقلاع

​

تقرير الهايجاك

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:42, on 15-05-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Everything\Everything.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\WinLockPro\winlock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.thechatphone.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 108G DWA-520] C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe
O4 - HKLM\..\Run: [************' Anti-Malware] "C:\Program Files\************' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [antinetcut2] C:\Program Files\Anti Netcut\Anti NetCut.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [0wl] C:\Program Files\WinLockPro\winlock.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\el-hachemi\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\el-hachemi\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: PixelPlanet easyPDF SDK 6 Loader (bepldr6PixelPlanetService) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\JSWUtil\jswpsapi.exe
O23 - Service: MBAMService - ************ Corporation - C:\Program Files\************' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8523 bytes


Runscanner

نقاط بدء التشغيل

"Silent Runners.vbs", revision 61, http://www.silentrunners.org/
Operating System: Windows XP SP3
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
"PopUpStopperFreeEdition" = ""C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"" ["Panicware, Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Everything" = ""C:\Program Files\Everything\Everything.exe" -startup" [null data]
"StartupFaster" = ""C:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP" ["URSoft,Inc"]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"ANIWZCS2Service" = "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" ["Wireless Service"]
"D-Link D-Link Wireless 108G DWA-520" = "C:\Program Files\D-Link\D-Link Wireless 108G DWA-520\AirPlusCFG.exe" ["D-Link"]
"************' Anti-Malware" = ""C:\Program Files\************' Anti-Malware\mbamgui.exe" /starttray" ["************ Corporation"]
"AdobeAAMUpdater-1.0" = ""C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"" ["Adobe Systems Incorporated"]
"SwitchBoard" = "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" ["Adobe Systems Incorporated"]
"AdobeCS5ServiceManager" = ""C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin" ["Adobe Systems Incorporated"]
"antinetcut2" = "C:\Program Files\Anti Netcut\Anti NetCut.exe" ["Tools4Free"]
"nmctxth" = ""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"" ["Cisco Systems, Inc."]
"nmapp" = ""C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash" ["Cisco Systems, Inc."]
"0wl" = "C:\Program Files\WinLockPro\winlock.exe" ["Crystal Office Systems"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDM integration (IDMIEHlprObj Class)"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager, Tonec Inc."]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = "Symantec NCO BHO"
-> {HKLM...CLSID} = "Symantec NCO BHO"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll" ["Symantec Corporation"]

{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = "Symantec Intrusion Prevention"
-> {HKLM...CLSID} = "Symantec Intrusion Prevention"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL" ["Symantec Corporation"]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Programme d'aide de l'Assistant de connexion Windows Live"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

IDM Shell Extension\(Default) = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}" = "SC2ShellExt"
-> {HKLM...CLSID} = "SC2ShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\SuperCopier2\SC2ShellExt.dll" ["SFX TeAm"]

"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{F8B4672E-1F26-4828-A33B-C439B1F3AEEF}" = "PdfGrabber 6 Context Menu Shell Extension"
-> {HKLM...CLSID} = "PdfGrabber 6 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\PIXELP~1\PDFGRA~1.0\PDFGRA~2.DLL" ["PixelPlanet"]

"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

"{82C63EC5-1B4C-43B7-7AC8-57148B696B95}" = "Explorer Context Menu"
-> {HKLM...CLSID} = "*" (unwritable string)
\InProcServer32\(Default) = "mscoree.dll" [MS]

"{2BB59FC0-31E8-42DA-9D3C-E9A52953853B}" = "VSO Image Resizer Shell Extension"
-> {HKLM...CLSID} = "ImageResizerShellExt"
\InProcServer32\(Default) = "C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll" ["VSO Software SARL"]

"{C55C499D-3518-44a1-998E-796AC5FC989D}" = "NetworkMagic"
-> {HKLM...CLSID} = "مجلدات Network Magic"
\InProcServer32\(Default) = "C:\Program Files\Pure Networks\Network Magic\nmspce2.dll" ["Cisco Systems, Inc."]

"{33F85093-44BB-4587-B25B-FFD05D5B9916}" = "NetworkMagic"
-> {HKLM...CLSID} = "مجلدات Network Magic"
\InProcServer32\(Default) = "C:\Program Files\Pure Networks\Network Magic\nmspce2.dll" ["Cisco Systems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshserviceobj.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> grooveLocalGWS\CLSID = "{88FED34C-F0CA-4636-A375-3CB6248B04CD}"
-> {HKLM...CLSID} = "Local Groove Web Services Protocol"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll" [MS]

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> pure-go\CLSID = "{4746C79A-2042-4332-8650-48966E44ABA8}"
-> {HKLM...CLSID} = "CPureGoProtoInfo Object"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll" ["Cisco Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Explorer Context Menu\(Default) = "{82C63EC5-1B4C-43B7-7AC8-57148B696B95}"
-> {HKLM...CLSID} = "*" (unwritable string)
\InProcServer32\(Default) = "mscoree.dll" [MS]

PdfGrabber6ContextMenu\(Default) = "{F8B4672E-1F26-4828-A33B-C439B1F3AEEF}"
-> {HKLM...CLSID} = "PdfGrabber 6 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\PIXELP~1\PDFGRA~1.0\PDFGRA~2.DLL" ["PixelPlanet"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = ""C:\Program Files\Norton Internet Security\Engine\18.6.0.29\NavShExt.dll"" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

ImageResizerShellExt\(Default) = "{2BB59FC0-31E8-42DA-9D3C-E9A52953853B}"
-> {HKLM...CLSID} = "ImageResizerShellExt"
\InProcServer32\(Default) = "C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll" ["VSO Software SARL"]

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\************' Anti-Malware\mbamext.dll" ["************ Corporation"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

Explorer Context Menu\(Default) = "{82C63EC5-1B4C-43B7-7AC8-57148B696B95}"
-> {HKLM...CLSID} = "*" (unwritable string)
\InProcServer32\(Default) = "mscoree.dll" [MS]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

{33F85093-44BB-4587-B25B-FFD05D5B9916}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مجلدات Network Magic"
\InProcServer32\(Default) = "C:\Program Files\Pure Networks\Network Magic\nmspce2.dll" ["Cisco Systems, Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

SC2ShellExt\(Default) = "{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}"
-> {HKLM...CLSID} = "SC2ShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\SuperCopier2\SC2ShellExt.dll" ["SFX TeAm"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igfxpph.dll" ["Intel Corporation"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

{33F85093-44BB-4587-B25B-FFD05D5B9916}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مجلدات Network Magic"
\InProcServer32\(Default) = "C:\Program Files\Pure Networks\Network Magic\nmspce2.dll" ["Cisco Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\************' Anti-Malware\mbamext.dll" ["************ Corporation"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = ""C:\Program Files\Norton Internet Security\Engine\18.6.0.29\NavShExt.dll"" ["Symantec Corporation"]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

{33F85093-44BB-4587-B25B-FFD05D5B9916}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مجلدات Network Magic"
\InProcServer32\(Default) = "C:\Program Files\Pure Networks\Network Magic\nmspce2.dll" ["Cisco Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

SC2ShellExt\(Default) = "{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}"
-> {HKLM...CLSID} = "SC2ShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\SuperCopier2\SC2ShellExt.dll" ["SFX TeAm"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

"NoHTMLWallPaper" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoChangingWallPaper" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Prevent changing wallpaper}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSMConfigurePrograms" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoSetTaskBar" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Prevent changes to Taskbar and Start Menu Settings}

"NoLogoff" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|Logon/Logoff|
Disable Logoff}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFileMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoNetConnectDisconnect" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoDesktopUpdate" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSMHelp" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Help menu from Start Menu}

"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoCloseDragDropBands" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoRun" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Run menu from Start Menu}

"NoClose" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands}

"LockTaskbar" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"TaskbarNoRedock" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"TaskbarNoResize" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoTrayItemsDisplay" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Hide the notification area}

"NoStartMenuMFUprogramsList" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoStartMenuMorePrograms" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove All Programs list from the Start menu}

"NoPropertiesMyComputer" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoManageMyComputerVerb" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideRunAsVerb" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"StartMenuLogOff" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoViewOnDrive" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFind" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoTrayContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoViewContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoDesktop" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoControlPanel" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSetFolders" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoActiveDesktop" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Disable Active Desktop}

"NoSetActiveDesktop" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSaveSettings" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}

"NoWindowsUpdate" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove links and access to Windows Update}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRemoteRecursiveEvents" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSetTaskBar" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoLogoff" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSMHelp" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFolderOptions" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoViewContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoTrayContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoControlPanel" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoRun" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFind" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoClose" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"WRP" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableChangePassword" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableLockWorkstation" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableTaskMgr" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

"NoDispCpl" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Remove Display in Control Panel}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\

"NoAddRemovePrograms" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Add or Remove Programs|
Remove Add or Remove Programs}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\

"NoFileNew" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFileOpen" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoBrowserSaveAs" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSelectDownloadDir" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoBrowserClose" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoPrinting" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFindFiles" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoViewSource" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFavorites" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoBrowserOptions" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Browser Menus|
Tools menu: Disable Internet Options... menu option}

"NoBrowserContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoTheaterMode" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoNavButtons" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"SynchronousMachineGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"SynchronousUserGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableLockWorkstation" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableStatusMessages" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoAddRemovePrograms" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\el-hachemi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AVSCaptureVideoCameraArrival\
"Provider" = "AVS Video Recorder"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\AVS4YOU\AVSVideoRecorder\AVSVideoRecorder.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

BridgeCS5ImportMediaOnArrival\
"Provider" = "Adobe Bridge CS5"
"InvokeProgID" = "Adobe.adobebridgeCS5"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS5\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS5\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

BridgeCS5NonVolumeHandler\
"Provider" = "Adobe Bridge CS5"
"ProgID" = "Adobe.adobebridgeMTP_1"
HKLM\SOFTWARE\Classes\Adobe.adobebridgeMTP_1\CLSID\(Default) = "{1E6C711B-6D70-4a65-8AB6-745DC19BE2A6}"
-> {HKLM...CLSID} = "Adobe Bridge CS5"
\LocalServer32\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS5\bridgeproxy.exe -m" ["Adobe Systems, Inc."]

MPCPlayBluRayOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayBlurayMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV" ["MPC-HC Team"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd" ["MPC-HC Team"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd" ["MPC-HC Team"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["MPC-HC Team"]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1" ["the VideoLAN Team"]

VLCPlayDVDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1" ["the VideoLAN Team"]

VLCPlayMusicFilesOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]

VLCPlaySVCDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.SVCDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1" ["the VideoLAN Team"]

VLCPlayVCDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.VCDMovie"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1" ["the VideoLAN Team"]

VLCPlayVideoFilesOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.OPENFolder"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = ""C:\Program Files\VideoLAN\VLC\vlc.exe" %1" ["the VideoLAN Team"]


Enabled Scheduled Tasks:
------------------------

"AdobeAAMUpdater-1.0-PC-el-hachemi" -> launches: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe -mode=scheduled " ["Adobe Systems Incorporated"]
"RMSchedule" -> launches: "C:\Program Files\Registry Mechanic\RegMech.exe /F" ["PC Tools"]
"RMSmartUpdate" -> launches: "C:\Program Files\Registry Mechanic\Update.exe /SILENT /PRODUCT=RM /VERSION=10.0.0.134 /PID=0 /SUBPRODUCT=NRM" ["PC Tools"]
"User_Feed_Synchronization-{2E5BC84A-0AE0-48E4-AF9D-0A0C4D7759D1}" -> launches: "C:\WINDOWS\system32\msfeedssync.exe sync" [MS]
"WinUtilities_Registry_Cleaner_D81CDF27E9284402" -> launches: "C:\Program Files\WinUtilities\ToolRegistryCleaner.exe /auto /hide /icon" ["YL Software"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
-> {HKLM...CLSID} = "Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" = "Norton Toolbar"
-> {HKLM...CLSID} = "Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
Norton Internet Security, NIS, ""C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll" /prefetch:1" ["Symantec Corporation"]
PC Tools Startup and Shutdown Monitor service, PCToolsSSDMonitorSvc, "C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe" ["PC Tools"]
Pure Networks Platform Service, nmservice, ""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"" ["Cisco Systems, Inc."]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
CNAB4 Monitor\Driver = "CNAB4LMK.DLL" ["CANON INC."]


---------- (launch time: 2011-05-15 21:15:59)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 41 seconds)



:i::i:








​

 

اعمل هذا

مالوووير بااايت

 

بارك الله فيك أخي البارون

أنا عملت فحص بالمالوير وبالحصان الذهبي
وfull scan بالنورتن ولم يكتشف ملفات ضارة
​

 

طيب اعطيني تقرير البرامج المثبته (( عندك برنامج مشبوه ))

 

تفضل أخي الكريم



====== معلومات نظام التشغيل ======

X86 WIN_XP 2600 Service Pack 3


====== قائمة البرامج المثبتة ======

µTorrent
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
All Office Converter Platinum 6.4
ANIO Service
ANIWZCS2 Service
AntiLogger
AntiLogger
Assistant de connexion Windows Live
AudioLava Premium Edition 1.0
Auslogics BoostSpeed
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 5
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
CamStudio
CamStudio Lossless Codec v1.4
CCleaner
Cisco Network Magic
CometBird 4.0.1 (x86 en-US)
Debugging Tools for Windows
D-Link Wireless 108G DWA-520
Driver Genius Professional Edition
EchoroukCrosswordClt version 1.5
Everything 1.2.1.371
FileHippo.com Update Checker
FormatFactory 2.60
Free Studio version 5.0.9
GIMP 2.6.10
Google Book Downloader
Google Earth
handyCafe Server
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Installation Windows Live
Installation Windows Live
Intel(R) Graphics Media *********** Driver
Intel(R) TV Wizard
Java Auto Updater
Java(TM) 6 Update 25
Java(TM) 6 Update 6
K-Lite Codec Pack 7.1.0 (Full)
************' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.17)
MSVCRT
MySQL Connector/ODBC 5.1
Ncesoft Flip Book Maker 2.5.0
Network Magic
Norton Internet Security
Outil de téléchargement Windows Live
PDF Settings CS5
PdfGrabber 6.0
Pop-Up Stopper Free Edition
Pure Networks Platform
QT Lite 4.1.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Registry Mechanic 10.0
Security Autorun 1.3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB923789)
Skype™ 3.8
Startup Faster!
SuperCopier2
System Requirements Lab CYRI
The KMPlayer (remove only)
Ultra Mobile 3GP Video Converter 5.3.0402
UltraISO Premium V9.36
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
USB Disk Security
VDownloader 3.0.712
Video Convert Master 10.2.10.2289
Vista Drive Icon 1.3
VLC media player 1.1.9
VSO Image Resizer 4.0.3.2
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Doctor 2.6
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Messenger
WinLock Professional
WinRAR 4.00 (32-bit)
WinUtilities 10.0 Professional Edition
WinX HD Video Converter Deluxe 3.10.2
Your Uninstaller! 2010



​

 

السلام عليكم أخي الغالي kamikaz​

هل هذا البرنامج مفعل بالكراك​

WinLock Professional​

?​

لأنه مشبوه​

O4 - HKLM\..\Run: [0wl] C:\Program Files\WinLockPro\winlock.exe​

لأنه صراحة هذا البروسسور​

winlock.exe​

هو عبارة عن تروجان يقوم بإرسال تقارير الأخطاء.​

لتأكد إن كان فعلا تروجان , هذا هو البروسسور المسؤول عنه في التاسك منجر​

​

 

أهلا وسهلا أخي إلياس
عاش من شافك خويا

هذا البرنامج لقفل الملفات والأقراص بكلمة مرور

ونسخة تجريبية فقط

***********************************************
أنا شاك أن المشكل من الدرايفر لأني حدثها بهذا البرنامج

Driver Genius Professional Edition




​

 

سوي تقرير رن سكنر

 

تفضل أخي البارون

رن سكنر
​

 

من اضافة وازالة البرامج احذف التالي


Driver Genius Professional Edition
Everything 1.2.1.371
FileHippo.com Update Checker
************' Anti-Malware
Registry Mechanic 10.0
Security Autorun 1.3
Startup Faster!
SuperCopier2
USB Disk Security
VDownloader 3.0.712
WinLock Professional
Your Uninstaller! 2010​

ثم اعمل تنظيف للجهاز

واعمل هذي بعد الاتنهاء

عرض حرارة الجهاز ​

 

تم إزالة البرامج المذكورة
وتنظيف الجهاز ب ccleaner وأداة TFC
وهذا عرض لحرارة الجهاز
ولا تنسى الصيدليات مغلقة أخي البارون:d:


​

 

وكيف الاوضاع الحين

هل لازال الجهاز تظهر فيه اخطاء ولا اختفت المشكلة

 

الله يخليك خويا العزيز.:king:

أتمنى تكون الحالة تحسنت مع وصفة الأستاذ الغالي البارون:king:

​

 

بعد التنظيف أعاد التشغيل مرتين
مباشرة بعد فتح متصفح الفايرفوكس
يعلق لمدة ثم يعيد التشغيل تلقائيا
:no:

ما قلتلي أخي البارون المكتوب في الصورة
اللي في الموضوع وش معناها؟؟


​

 

البارون حذفلي نص البرامج
​

وحبيبي ال supercopier:d:

 

طيب فيه ملف اسمه mini dumb داخل مجلد الوندوز

انسخه على سطح المكتب واضغطة وارفعه وارفقه في ردك القادم

 

تفضل أخي البارون




http://www.eupload.org/shared/86602minidump.rar
​