مشكلة بمستكشف windows

ش

شقردي حيل

زيزوومي جديد
إنضم
19 ديسمبر 2008
المشاركات
40
مستوى التفاعل
0
النقاط
40
غير متصل
السلام عليكم ورحمة الله
اخواني لدي مشكلة في مستكشف ويندوز فعند فتح ملف او هاردسك او c او d مثلا تجد ان الملفات الداخلية بها خلل فتجد ملف كاملا واخر صورته فقط دون اسمه واخر اسمه دون صورته وهكذا يوجد خلل بالصفحة وهي غير طبيعية ايضا عند ارادة حذف ملف مثلا صورة لا تحذف وانما يظل المستكشف يحاول حذفها ولا يحذف ولا يحصل اي شيء وقد تعبت من هذا الامر الذي يذهب ويعود على الرغم من اني غيرت هاردسك جديد للجهاز وفرمته من جديد قبل 4 اشهر تقريبا واستخدم ويندوز (windows 7 home permium) ارجوا منكم الحل بارك الله فيكم.


الصور المرفقة :
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
[/URL]
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
[/URL]
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


ملف رن سكانر + البرامج المثبته :
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
[/URL]
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي


تقرير هايجاك :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:16:32 م, on 09/06/11
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Avant Browser\ybrowser.exe
C:\Program Files\Avant Browser\ybrowser.exe
C:\Program Files\Avant Browser\ybrowser.exe
C:\Program Files\Avant Browser\ybrowser.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - H:\برامج\IDM.ANOoOS.EDT.5.19.3.ZYZOOM.ORG\تثبيت عادي مع الكراك\كراك\IDMIECC.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: إر&سال إلى OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى FLV بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &لوحة مفاتيح ظاهرية - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: فحص عناوين المواقع (URL) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {A763FB1D-703C-40AA-9FFD-4F23ED8D8641} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: خدمة تحديث Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8941 bytes​



تقرير قائمة البرامج :

Acer Crystal Eye
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3 - Arabic
Applian FLV Player
Ask Toolbar
Avant Browser (remove only)
Definition update for Microsoft Office 2010 (KB982726)
FormatFactory 2.60
Google Earth
Google Update Helper
Internet Download Manager
Java(TM) 6 Update 25
K-Lite Codec Pack 4.4.5 (Full)
Messenger Plus! 5
Messenger Plus! Live
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office Access MUI (Arabic) 2010
Microsoft Office Excel MUI (Arabic) 2010
Microsoft Office Groove MUI (Arabic) 2010
Microsoft Office InfoPath MUI (Arabic) 2010
Microsoft Office OneNote MUI (Arabic) 2010
Microsoft Office Outlook MUI (Arabic) 2010
Microsoft Office PowerPoint MUI (Arabic) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proofing (Arabic) 2010
Microsoft Office Publisher MUI (Arabic) 2010
Microsoft Office Shared MUI (Arabic) 2010
Microsoft Office Word MUI (Arabic) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
Real Alternative 1.9.0
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skype Toolbars
Skype™ 5.3
Synaptics Pointing Device Driver
The KMPlayer (remove only)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
VideoLAN VLC media player 0.8.6e
WIDCOMM Bluetooth Software 6.0.1.3900
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
WinRAR archiver
أداة التحميل Windows Live Upload Tool
برنامج Kaspersky لأمان الإنترنت 2010
برنامج Kaspersky لأمان الإنترنت 2010
تحديث لـ Microsoft Outlook Social Connector (KB2441641)
مساعد تسجيل الدخول إلى Windows Live
معرض صور Windows Live​
 

ترتيب حسب التاريخ ترتيب حسب الأصوات
توقيع : غَيّوضْ
تأييد 0
سأضغط الهايجاك واضعه
 
تأييد 0
"Silent Runners.vbs", revision 61,
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي
System: Windows 7 SP1Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"(Default)" = "(empty string)" [file not found]"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]"msnmsgr" = ""C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [MS]"Sidebar" = "C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" [MS]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"BCSSync" = ""C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices" [MS]"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]"Adobe ARM" = ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]"SynTPStart" = "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" ["Synaptics, Inc."]"RtHDVCpl" = "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" ["Realtek Semiconductor"]"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"" ["Kaspersky Lab"]"SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper" -> {HKLM...CLSID} = "IDM integration (IDMIEHlprObj Class)" \InProcServer32\(Default) = "H:\برامج\IDM.ANOoOS.EDT.5.19.3.ZYZOOM.ORG\تثبيت عادي مع الكراك\كراك\IDMIECC.dll" [file not found]{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub" -> {HKLM...CLSID} = "Adobe PDF Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided) -> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer" \InProcServer32\(Default) = "C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll" ["RealPlayer"]{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO" -> {HKLM...CLSID} = "IEVkbdBHO Class" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll" ["Kaspersky Lab"]{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "مساعد تسجيل الدخول إلى Windows Live" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = "SkypeIEPluginBHO" -> {HKLM...CLSID} = "Skype Plug-In" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."]{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = "URLRedirectionBHO" -> {HKLM...CLSID} = "Office Document Cache Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL" [MS]{D4027C7F-154A-4066-A1AD-4243D8127440}\(Default) = "Ask Toolbar BHO" -> {HKLM...CLSID} = "Ask Toolbar" \InProcServer32\(Default) = "C:\Program Files\Ask.com\GenericAskToolbar.dll" ["Ask"]{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]{E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = "link filter bho" -> {HKLM...CLSID} = "FilterBHO Class" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll" ["Kaspersky Lab"]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]IDM Shell Extension\(Default) = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}" -> {HKLM...CLSID} = "IDM Shell Extension" \InProcServer32\(Default) = "H:\برامج\IDM.ANOoOS.EDT.5.19.3.ZYZOOM.ORG\تثبيت عادي مع الكراك\كراك\IDMShellExt.dll" [file not found]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\msohevi.dll" [MS]"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll" [MS]"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll" [MS]"{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D}" = "Groove Namespace Extension" -> {HKLM...CLSID} = "مساحات عمل" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}" = "Microsoft OneNote Namespace Extension for Windows Desktop Search" -> {HKLM...CLSID} = "Microsoft OneNote Namespace Extension for Windows Desktop Search" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL" [MS]"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" -> {HKLM...CLSID} = "ImageExtractorShellExt Class" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\VISSHE.DLL" [MS]"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}" -> {HKLM...CLSID} = "CInfoTipShellExt Class" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\VISSHE.DLL" [MS]"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper" -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar" -> {HKLM...CLSID} = "Groove Folder Synchronization" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler" -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler" -> {HKLM...CLSID} = "Groove XML Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL" [MS]"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL" [MS]"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor" -> {HKLM...CLSID} = "Monitor Class" \InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided) -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim" -> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension" -> {HKLM...CLSID} = "IDM Shell Extension" \InProcServer32\(Default) = "H:\برامج\IDM.ANOoOS.EDT.5.19.3.ZYZOOM.ORG\تثبيت عادي مع الكراك\كراك\IDMShellExt.dll" [file not found]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll" ["Kaspersky Lab"]HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ text/xml\CLSID = "{807573E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL" [MS]HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL" [MS] ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}" -> {HKLM...CLSID} = "HxProtocol Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS] msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL" [MS] skype-ie-addon-data\CLSID = "{91774881-D725-4E58-B298-07617B9B86A8}" -> {HKLM...CLSID} = "Skype IE add-on Pluggable Protocol" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."] skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}" -> {HKLM...CLSID} = "IEProtocolHandler Class" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\shellex.dll" ["Kaspersky Lab"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Monitor\(Default) = "{7842554E-6BED-11D2-8CDB-B05550C10000}" -> {HKLM...CLSID} = "Monitor Class" \InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\shellex.dll" ["Kaspersky Lab"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Users\Bandar\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"Windows Portable Device AutoPlay Handlers-----------------------------------------HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\MPCPlayCDAudioOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayCDAudio"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["mpc-hc@Sourceforge"]MPCPlayDVDMovieOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayDVDMovie"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["mpc-hc@Sourceforge"]MPCPlayMusicFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayMusicFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]MPCPlayVideoFilesOnArrival\"Provider" = "Media Player Classic""InvokeProgID" = "MediaPlayerClassic.Autorun""InvokeVerb" = "PlayVideoFiles"HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]MSLivePhotoAcqHWEventHandler\"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;ar-sa.8117.0416""ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]MSLivePhotoAcquireDropHandler\"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;ar-sa.8117.0416""InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1""InvokeVerb" = "open"HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]MSLiveShowPicturesOnArrival\"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;ar-sa.8117.0416""InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1""InvokeVerb" = "open"HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]MSLiveVideoCameraArrivalCaptureWizard\"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10""ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler""InitCmdLine" = "WLXVideoAcquireWizard"HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}" -> {HKLM...CLSID} = "WLXWEventHandler Class" \LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]RPCDBurningOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.CDBurn.6""InvokeVerb" = "open"HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]RPDeviceOnArrival\"Provider" = "RealPlayer""ProgID" = "RealPlayer.HWEventHandler"HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}" -> {HKLM...CLSID} = "RealNetworks Scheduler" \LocalServer32\(Default) = ""C:\Program Files\Real\RealPlayer\Update\realsched.exe" -autoplay" ["RealNetworks, Inc."]RPDVDBurningOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.DVDBurn.6""InvokeVerb" = "open"HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]RPPlayCDAudioOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.AudioCD.6""InvokeVerb" = "play"HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]RPPlayDVDMovieOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.DVD.6""InvokeVerb" = "play"HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]RPPlayMediaOnArrival\"Provider" = "RealPlayer""InvokeProgID" = "RealPlayer.AutoPlay.6""InvokeVerb" = "open"HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]VLCPlayCDAudioOnArrival\"Provider" = "VideoLAN VLC media player""InvokeProgID" = "VLC.CDAudio""InvokeVerb" = "play"HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]VLCPlayDVDMovieOnArrival\"Provider" = "VideoLAN VLC media player""InvokeProgID" = "VLC.DVDMovie""InvokeVerb" = "play"HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]Startup items in "Bandar" & "All Users" startup folders:--------------------------------------------------------C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"Empowering Technology Launcher" -> shortcut to: "C:\Acer\Empowering Technology\eAPLauncher.exe 9999" ["Acer Inc."]Windows Sidebar Gadgets:------------------------C:\Users\Bandar\AppData\Local\Microsoft\Windows Sidebar\Settings.ini"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CClock.Gadget""C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget""C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCalendar.Gadget"Non-disabled Scheduled Tasks:-----------------------------C:\Windows\System32\Tasks"AutoKMS" -> launches: "C:\Windows\AutoKMS.exe" [null data]"AutoKMSDaily" -> launches: "C:\Windows\AutoKMS.exe" [null data]"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]"RealUpgradeLogonTaskS-1-5-21-1497786723-1655638610-919133655-1000" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]"RealUpgradeScheduledTaskS-1-5-21-1497786723-1655638610-919133655-1000" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]"Scheduled Update for Ask Toolbar" -> launches: "C:\Program Files\Ask.com\UpdateTask.exe" [null data]"{4DB98CD4-ECDF-4729-B0AE-7603181B540C}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\برامج\FreePrimoPDF32Setup.exe -d H:\برامج" [MS]"{749F9B65-9003-4E3D-8CE0-7D1154394083}" -> launches: "C:\Program Files\Skype\\Phone\Skype.exe" ["Skype Technologies S.A."]"{83E38D50-8DD4-46A4-B668-684748FEF056}" -> launches: "H:\كتب\shamela-r1\_shamela.exe" [file not found]"{8473E8E1-016C-4B77-8CCC-A979D2E96EB5}" -> launches: "C:\Windows\system32\pcalua.exe -a H:\برامج\عام\AdobeAIRInstaller.exe -d H:\برامج\عام" [MS]"{C2B236C0-C7A0-4B94-8ADC-6B0BC9852AB0}" -> launches: "C:\Windows\system32\pcalua.exe -a I:\كتب\shamela-r1\bin\viewer.exe -d I:\كتب -c I:\كتب\الحاوي الكبير.bok" [MS]"{D13577D1-6A49-41C7-B85D-69A4FCFDB849}" -> launches: "H:\كتب\shamela-r1\_shamela.exe" [file not found]"{EBC8E564-B1D9-49FE-96C8-241E6DDE597A}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Program Files\Synaptics\SynTP\SynAcerCpl.cpl" -c Synaptics Acer MediaTouch" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}" -> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience"AitAgent" -> launches: "aitagent" [MS]"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Autochk"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}" -> {HKLM...CLSID} = "KernelCeipCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}" -> {HKLM...CLSID} = "UsbCeip" \InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Defrag"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}" -> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Location"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance"WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}" -> {HKLM...CLSID} = "WinSAT Task Manger Task" \InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Media Center"ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]"ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]"DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]"InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]"MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]"ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]"PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]"PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]"PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]"PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]"PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]"RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]"ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]"SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}" -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}" -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}" -> {HKLM...CLSID} = "HotStart User Agent" \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}" -> {HKLM...CLSID} = "Microsoft PlaySoundService Class" \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\RAC"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}" -> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler" \InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Ras"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}" -> {HKLM...CLSID} = "RasMobilityManager" \InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Registry"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}" -> {HKLM...CLSID} = "RegistryIdleBackupHandler" \InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\SideShow"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}" -> {HKLM...CLSID} = "GadgetsManager Class" \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}" -> {HKLM...CLSID} = "RunTask" \InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}" -> {HKLM...CLSID} = "MsCtfMonitor task handler" \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\UPnP"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\WDI"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}" -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies"ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS]"ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing"UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup"ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]C:\Windows\System32\Tasks\Microsoft\Windows Defender"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]C:\Windows\System32\Tasks\WPD"SqmUpload_S-1-5-21-1497786723-1655638610-919133655-1000" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]000000000005\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]000000000006\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000007\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:C:\Windows\system32\idmmbc.dll ["Tonec Inc."], 01 - 10, 40%SystemRoot%\system32\mswsock.dll [MS], 11 - 39Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4F3C-8081-5663EE0C6C49}\"ButtonText" = "إرسال إلى OneNote""MenuText" = "إر&سال إلى OneNote""CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll" [MS]{4248FE82-7FCB-46AC-B270-339F08212110}\"ButtonText" = "&لوحة مفاتيح ظاهرية""CLSIDExtension" = "{4248FE82-7FCB-46AC-B270-339F08212110}" -> {HKLM...CLSID} = "VirtualKeyboardButtonHandler Class" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll" ["Kaspersky Lab"]{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\"ButtonText" = "ملاحظات OneNote الم&رتبطة""MenuText" = "ملاحظات OneNote الم&رتبطة""CLSIDExtension" = "{FFFDC614-B694-4AE6-AB38-5D6374584B52}" -> {HKLM...CLSID} = "Linked Notes button" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll" [MS]{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\"ButtonText" = "Skype Plug-In""MenuText" = "Skype Plug-In""CLSIDExtension" = "{898EA8C8-E7FF-479B-8935-AEC46303B9E5}" -> {HKLM...CLSID} = "Skype Browser Helper" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."]{CCA281CA-C863-46EF-9331-5C8D4460577F}\"ButtonText" = "@btrez.dll,-4015""MenuText" = "@btrez.dll,-12650""Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]{CCF151D8-D089-449F-A5A4-D9909053F20F}\"ButtonText" = "فحص عناوين المواقع (URL)""CLSIDExtension" = "{CCF151D8-D089-449F-A5A4-D9909053F20F}" -> {HKLM...CLSID} = "FilterButtonHandler Class" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll" ["Kaspersky Lab"]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------AMD External Events Utility, AMD External Events Utility, "C:\Windows\system32\atiesrxx.exe" ["AMD"]Kaspersky Internet Security, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" -r" ["Kaspersky Lab"]Office Software Protection Platform, osppsvc, ""C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"" [MS]---------- (launch time: 2011-06-09 16:48:47): Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.---------- (total run time: 59 seconds, including 18 seconds for message boxes)
 
تأييد 0
بعد فحص المال وير

************' Anti-Malware 1.51.0.1200
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Database version: 6705
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
09/06/11 05:44:48 م
mbam-log-2011-06-09 (17-44-48).txt
Scan type: Full scan (C:\|)
Objects scanned: 234912
Time elapsed: 51 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\kmsemulator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
 
تأييد 0
عملت مال وير للفلاش ميموري والهارديسك الخارجي والتقرير كالتالي :

************' Anti-Malware 1.51.0.1200
يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Database version: 6705
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
09/06/11 05:58:16 م
mbam-log-2011-06-09 (17-58-16).txt
Scan type: Full scan (F:\|I:\|)
Objects scanned: 153720
Time elapsed: 6 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
f:\كتب\الموسوعة الميسرة في الأديان والمذاهب المعاصرة.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully.
i:\كتب\كتب عامة\الموسوعة الميسرة في الأديان والمذاهب المعاصرة.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully.
 
تأييد 0
بالله عليكم اريد حلا وشكرا
 
تأييد 0
يا جماعة يا مشرفين يا مراقبين ما احد شاف لي حل انتم تقولون اذا انتهت المشكلة يكتب تم الحل انا الى الان لم يصلني الحل ؟؟؟؟؟
 
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى