معي مشكلة في الشبكة ياليت الحل لها

النور الشارد

النور الشارد

زيزوومى مميز
إنضم
13 سبتمبر 2008
المشاركات
447
مستوى التفاعل
123
النقاط
500
الإقامة
الاحساء
الموقع الالكتروني
rabetbio.com
غير متصل
السلام عليكم ورحمه الله وبركاتة
انا معي وندوز xp عربي سيرفس باك 3 ومعي مشكلة في الشبكة تطلع لي مشكلة فيها وانا وضعت لكم صور لكي تشوفون لي حل لهده المشكلة ومكتوب اني اسوي استعاده نظام وحاولت كدا وكدا مرة ولكن ما يقبل يعمل استعاده النظام وهده صور توضيحية
اتمنى اني وضعت الموضوع في مكانة الصحيح
هده الصور التوضيحية

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



اسف على اني طولت عليكم وياليت تشوفون لي حل لهده الاشكالية وجزاكم الله الف الف خير
اخوكم بو فهد
 

توقيع : النور الشارد
ترتيب حسب التاريخ ترتيب حسب الأصوات
السلام عليكم ورحمة الله وبركاته

أخي قم بالتالي

قم بحذف كافة الإتصالات عندك وقم بانشاء اتصال جديد
وأعلمنا بالنتيجة
 
توقيع : علي كيوان
تأييد 0

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

طيب ياخوي كيف اعمل اتصال جديد ياليت لو تعطيني الطريقة لو كانت بصور وجزاك الله الف الف خير
 
توقيع : النور الشارد
تأييد 0
وهم بعد معي مشكلة عدم ظهور التاس باد مع الشريط اللي ظاهر فية الساعه هده صورة ياليت لو تقولو لي كيف الطريقة لأظافتة
هده صورة للبرنامج التاش باد جهازي لابتوب LG

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


ودي اضيف هدا البرنامج مع قائمة التشغيل على شان يشتغل على طول ياليت احد يساعدني بالمشكلتين اللي حاصلة معي
 
توقيع : النور الشارد
تأييد 0
ياخوي الكريم الاشكالية هده معي هم بعد مع الكيبل انا حدفت جميع الشبكات من الواير لس وهم بعد
وهم يستخدم هدا الاتصال العناصر التالية هم حدفت اول وحده ما ادري يمكن منها المشكله

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي

 
توقيع : النور الشارد
تأييد 0
هم بعد بين فترة وفترة يطلع لي خطا بنظام تعارض عنوان الاي بي ما ادري شنو الحل
 
توقيع : النور الشارد
تأييد 0
؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟
ما حد عنده حل لهده الاشكالية اللي صايرة معي
 
توقيع : النور الشارد
تأييد 0
وين الحل يا جماعه الخير
 
توقيع : النور الشارد
تأييد 0
حمل الاداة من هذا الموضوع

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



واعمل تقرير هايجاك + قائمة البرامج المثبتة

------------------

3b3ce221851b60a78bfa55cbd704e323.jpg
 
توقيع : البارون
تأييد 0

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


علمت كدا ولا نفع معي ياليت لو تشفون الحل المناسب لي ولا مالي الا الفورمات
 
توقيع : النور الشارد
تأييد 0
هدا رابط اللي طلع لي الاول

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


وهدا الرابط الثاني

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



وهدا اللي طلع لي بالتقرير الاولي

QuickScan 32-bit v0.9.9.105
---------------------------
تاريخ المسح: Mon Jan 30 07:02:11 2012
عنوان الحاسب: 10747F2E

لم يتم العثور على عدوى
----------------------

البرامج
-------
Microsoft® Windows® Operating System 3168 C:\WINDOWS\system32\wbem\wmiprvse.exe
غير مسجل hsssrv.exe 980 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
غير مسجل hsswd.exe 440 C:\Program Files\Hotspot Shield\bin\hsswd.exe
غير مسجل Messenger Plus! 5 1308 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
غير مسجل Microsoft® Windows® Operating System 880 C:\WINDOWS\explorer.exe
غير مسجل openvpnas.exe 288 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
غير مسجل zyzoom.exe 3180 C:\Zyzoom_Forum_Tools\zyzoom.exe
تم تفقده IoctlSvc Application 2176 C:\WINDOWS\system32\IoctlSvc.exe
تم تفقده Bluetooth Software 1964 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
تم تفقده Bluetooth Software 1588 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
تم تفقده Bluetooth Software 1504 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
تم تفقده Bonjour 1604 C:\Program Files\Bonjour\mDNSResponder.exe
تم تفقده ClocX Application 1240 C:\Program Files\ClocX\ClocX.exe
تم تفقده GrooveMonitor Utility 1092 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
تم تفقده IEMonitor Application 3696 C:\Program Files\Internet Download Manager\IEMonitor.exe
تم تفقده Intel(R) Common User Interface 1056 C:\WINDOWS\system32\hkcmd.exe
تم تفقده Intel(R) Common User Interface 1064 C:\WINDOWS\system32\igfxpers.exe
تم تفقده Intel(R) Common User Interface 1104 C:\WINDOWS\system32\igfxsrvc.exe
تم تفقده Intel(R) Common User Interface 1044 C:\WINDOWS\system32\igfxtray.exe
تم تفقده Internet Download Manager (IDM) 1352 C:\Program Files\Internet Download Manager\IDMan.exe
تم تفقده iTunes 2624 C:\Program Files\iPod\bin\iPodService.exe
تم تفقده iTunes 1192 C:\Program Files\iTunes\iTunesHelper.exe
تم تفقده Microsoft® Windows® Operating System 3320 C:\WINDOWS\system32\alg.exe
تم تفقده Microsoft® Windows® Operating System 1612 C:\WINDOWS\system32\csrss.exe
تم تفقده Microsoft® Windows® Operating System 1436 C:\WINDOWS\system32\ctfmon.exe
تم تفقده Microsoft® Windows® Operating System 1692 C:\WINDOWS\system32\lsass.exe
تم تفقده Microsoft® Windows® Operating System 1680 C:\WINDOWS\system32\services.exe
تم تفقده Microsoft® Windows® Operating System 1340 C:\WINDOWS\system32\smss.exe
تم تفقده Microsoft® Windows® Operating System 828 C:\WINDOWS\system32\spoolsv.exe
تم تفقده Microsoft® Windows® Operating System 1848 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1896 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1936 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 416 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 2224 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 184 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1636 C:\WINDOWS\system32\winlogon.exe
تم تفقده MobileDeviceService 1544 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
تم تفقده RealPlayer (32-bit) 1112 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
تم تفقده Realtek HD Audio Sound Effect Manager 1028 C:\WINDOWS\RTHDCPL.EXE
تم تفقده Symantec Security Technologies 2108 C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
تم تفقده Symantec Security Technologies 2440 C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
تم تفقده Synaptics Pointing Device Driver 1072 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
تم تفقده Windows Live Communications Platform 4012 C:\Program Files\Windows Live\Contacts\wlcomm.exe
تم تفقده Windows Live Messenger 2292 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
تم تفقده Windows Live Messenger 2924 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
تم تفقده Windows® Internet Explorer 616 C:\Program Files\Internet Explorer\iexplore.exe

انشطة الشبكة
------------
البرنامج iexplore.exe (616) موصول على معبر 80 (HTTP) --> 2.19.28.20
البرنامج iexplore.exe (616) موصول على معبر 80 (HTTP) --> 79.140.95.179
البرنامج iexplore.exe (616) موصول على معبر 80 (HTTP) --> 173.194.70.100
البرنامج iexplore.exe (616) موصول على معبر 80 (HTTP) --> 173.194.70.100
البرنامج iexplore.exe (616) موصول على معبر 80 (HTTP) --> 66.235.143.121
البرنامج msnmsgr.exe (2292) موصول على معبر 1863 (MSN) --> 64.4.61.90
البرنامج msnmsgr.exe (2924) موصول على معبر 1863 (MSN) --> 64.4.34.218
البرنامج msnmsgr.exe (2924) موصول على معبر 1863 (MSN) --> 64.4.61.30
البرنامج msnmsgr.exe (2924) موصول على معبر 1863 (MSN) --> 64.4.61.31
البرنامج svchost.exe (1896) يستمع لمعبر: 135 (RPC)

الملفات المفتوحة تلقائياً و الحساسة
-----------------------------------
غير مسجل HotKey C:\Program Files\LG Software\On Screen Display\HotKey.exe
غير مسجل Messenger Plus! 5 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
غير مسجل Microsoft® Windows® Operating System C:\WINDOWS\System32\logonui.exe
غير مسجل Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
غير مسجل Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
غير مسجل Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
تم تفقده Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
تم تفقده Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
تم تفقده ClocX Application C:\Program Files\ClocX\ClocX.exe
تم تفقده Google Update C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
تم تفقده Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
تم تفقده GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
تم تفقده GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\hkcmd.exe
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\igfxdev.dll
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\igfxpers.exe
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\igfxtray.exe
تم تفقده Internet Download Manager (IDM) C:\Program Files\Internet Download Manager\IDMan.exe
تم تفقده iTunes C:\Program Files\iTunes\iTunesHelper.exe
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\sclgntfy.dll
تم تفقده Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\WlNotify.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
تم تفقده Nero AG NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
تم تفقده RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
تم تفقده Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
تم تفقده TuneUp Utilities C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

وصلات المتصفح
-------------
تم تفقده AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
تم تفقده Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
تم تفقده BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
تم تفقده Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
تم تفقده Google Update C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
تم تفقده Google Update C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
تم تفقده GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
تم تفقده HssIE.dll C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
تم تفقده Internet Download Manager Module C:\Program Files\Internet Download Manager\IDMIECC.dll
تم تفقده Messenger C:\Program Files\Messenger\msmsgs.exe
تم تفقده Microsoft® Windows Live Login Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
تم تفقده Norton Confidential C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\npcoplgn.dll
تم تفقده Norton Confidential C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
تم تفقده npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
تم تفقده RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
تم تفقده RealPlayer Download and Record Plugin C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
تم تفقده RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
تم تفقده RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
تم تفقده Symantec Intrusion Detection C:\Program Files\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
تم تفقده Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll

الملفات الناقصة
---------------
الملف ALCMTR.EXE غيرموجود
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Alcmtr"
الملف Explorer.exe غيرموجود
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell"
الملف RTHDCPL.EXE غيرموجود
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"RTHDCPL"

مسح
---
MD5: c6c4405d9d1fb3f16475db6e3795803c C:\Program Files\FreeTime\FormatFactory\ShellEx_100.dll
MD5: 6bec0a02ef4a123720303c33f077df82 C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
MD5: 8712d4405dc0637964d965b31308b492 C:\Program Files\Hotspot Shield\bin\hsswd.exe
MD5: 661b770bc4cb72ee4e4b17c5a62b994f C:\Program Files\Hotspot Shield\bin\libeay32.dll
MD5: 4648640348aacc96b9828417213525a7 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
MD5: 5b350bdcc73fd3021a6c0a79915e7c23 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
MD5: 317ab093c84db32f46ae1e820d795b88 C:\Program Files\LG Software\On Screen Display\HotKey.exe
MD5: d952c7f1b9bac216e52f9dd3f4df0566 C:\Program Files\Norton Internet Security\Engine\19.2.0.10\cltLMJ.dll
MD5: aea88bf6b5ea7ac03c74b112485a9a54 C:\Program Files\Windows Live\Messenger\MSIMG32.dll
MD5: 058172de1a8ade29ecedf717ce105e63 C:\Program Files\Yuna Software\Messenger Plus!\detour32.dll
MD5: 90f11fd6c321d9e0ed70b28f50d19ba6 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll
MD5: ac8d444b9be7280cbcd48f3c696630e7 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusRes.dll
MD5: 30183a68e8efde4cb7d65c815081dada C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
MD5: 2db37abb69bdcaf7d2e7d8cd8f0e8164 C:\WINDOWS\explorer.exe
MD5: e10c1fbc5afbb1a38e524272ff8e4ca9 C:\WINDOWS\system32\BatMeter.dll
MD5: eaf3e64698c8b0eb1259b0af7daf5b3c C:\WINDOWS\system32\btwicons.dll
MD5: ace6799a605d63021030d21c9fada7b0 C:\WINDOWS\System32\cmd.exe
MD5: 7673d8daad0e3e7063c9a584983ca81c C:\WINDOWS\system32\comctl32.dll
MD5: 9e1f5627cc0ff76cb6b09c24ea6709d5 C:\WINDOWS\system32\credui.dll
MD5: 961d716d3df5c92e30addf26d18ac0c5 C:\WINDOWS\System32\logonui.exe
MD5: 9957bb469cfb6b92d6d73f15481a141d C:\WINDOWS\System32\MSGINA.dll
MD5: b3bd5f6533dc1692e1076ed28c7d8c6f C:\WINDOWS\system32\mshtml.dll
MD5: 1343b50dd950d8c653e712a5c4051db4 C:\WINDOWS\system32\msiexec.exe
MD5: 85f7e7c7d94ac27994a9ef3aba221f01 C:\WINDOWS\system32\mydocs.dll
MD5: 5b9d85841dcd9d13cd985d7d27cf9529 C:\WINDOWS\system32\NETSHELL.dll
MD5: b93858e00e1d6cb53cbb0d0201439d04 C:\WINDOWS\system32\RASDLG.dll
MD5: 5f73c8562797ac8a2bd31fd75d3e5381 C:\WINDOWS\system32\SETUPAPI.dll
MD5: 992da6aa80075694f4182d5da424cddf C:\WINDOWS\system32\SHELL32.dll
MD5: f186f974aef730a756d06cfa9cd26ef6 C:\WINDOWS\system32\stobject.dll
MD5: 20f385ced8c9a535e49c0111b0b36e25 C:\WINDOWS\system32\themeui.dll
MD5: a225d1300dfdfda5262a77ea958a05dc C:\WINDOWS\system32\wbem\mofd.dll
MD5: 7dab834def8b86ff8f0942fb63853e77 C:\WINDOWS\system32\wbem\wmiprov.dll
MD5: 604f769d6df30046ca7a36f04347cbac C:\WINDOWS\system32\wbem\wmiprvse.exe
MD5: d14aa8bd7fedd80c4af036822fb33a3e C:\WINDOWS\system32\webcheck.dll
MD5: dd79f1807ed4fb5e97cebc401ea599c3 C:\WINDOWS\system32\xpsp2res.dll
MD5: d6969d52430aff7c1891780ba0068f19 C:\Zyzoom_Forum_Tools\zyzoom.exe

لم يتم تحميل اي ملف
انتهاء المسح - تم الاتصال خلال 1 ثواني
الحجم الاجمالي - تم ارسال 0.00 ميجابايت و تم استقبال 0.15
تم مسح 623 ملف و برنامج - 9 ثواني
==============================================================================

وهم هدا بعد طلع لي
"Silent Runners.vbs", revision 61,

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


Operating System: Windows XP SP3
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
"Google Update" = ""C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"APSDaemon" = ""C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"ClocX" = "C:\Program Files\ClocX\ClocX.exe" ["BonSoft"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"PlusService" = "C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe" ["Yuna Software"]
"KeybdUtility" = ""C:\Program Files\LG Software\On Screen Display\HotKey.exe"" ["LG Electronics"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDM integration (IDMIEHlprObj Class)"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager, Tonec Inc."]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = "Norton Identity Protection"
-> {HKLM...CLSID} = "Norton Identity Protection"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll" ["Symantec Corporation"]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = "Norton Vulnerability Protection"
-> {HKLM...CLSID} = "Norton Vulnerability Protection"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL" ["Symantec Corporation"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مساعد تسجيل الدخول إلى Windows Live"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Hotspot Shield Class"
\InProcServer32\(Default) = "C:\Program Files\Hotspot Shield\HssIE\HssIE.dll" ["AnchorFree Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
IDM Shell Extension\(Default) = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "ملحق Display Panning CPL"
-> {HKLM...CLSID} = "ملحق Display Panning CPL"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "My Bluetooth Places"
\InProcServer32\(Default) = "C:\WINDOWS\system32\BTNEIG~1.DLL" ["Broadcom Corporation."]
"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btncopy.dll" ["Broadcom Corporation."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> grooveLocalGWS\CLSID = "{88FED34C-F0CA-4636-A375-3CB6248B04CD}"
-> {HKLM...CLSID} = "Local Groove Web Services Protocol"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL" [MS]
<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]
<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]
<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
FormatFactoryShell\(Default) = "{A3777921-CFD3-4A6B-89BF-08E6B95716E8}"
-> {HKLM...CLSID} = "FormatFactoryShell"
\InProcServer32\(Default) = "C:\Program Files\FreeTime\FormatFactory\ShellEx_100.dll" ["Free Time"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = ""C:\Program Files\Norton Internet Security\Engine\19.2.0.10\NavShExt.dll"" ["Symantec Corporation"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]
HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\
NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
FormatFactoryShell\(Default) = "{A3777921-CFD3-4A6B-89BF-08E6B95716E8}"
-> {HKLM...CLSID} = "FormatFactoryShell"
\InProcServer32\(Default) = "C:\Program Files\FreeTime\FormatFactory\ShellEx_100.dll" ["Free Time"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
Monitor\(Default) = "{7842554E-6BED-11D2-8CDB-B05550C10000}"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btncopy.dll" ["Broadcom Corporation."]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igfxpph.dll" ["Intel Corporation"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = ""C:\Program Files\Norton Internet Security\Engine\19.2.0.10\NavShExt.dll"" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
GOMPlayDVDOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.DVD"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.EXE" /open "%1"" ["Gretech Corp."]
GOMPlayMediaOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.MediaFile"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.EXE" /open "%1"" ["Gretech Corp."]
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\DropTarget\CLSID = "{D0F0AD6B-ECCC-401E-8E71-C4363D41399C}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.EXE" ["Gretech Corp."]
iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]
iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]
iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]
iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]
JABurnCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "burncd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\burncd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /burncd "%1"" ["JetAudio, Inc."]
JACreateAlbumOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "createalbum"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\createalbum\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /createalbum "%1"" ["JetAudio, Inc."]
JAPlayCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playcd "%1"" ["JetAudio, Inc."]
JAPlayDVDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playdvd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playdvd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playdvd "%1"" ["JetAudio, Inc."]
JAPlayMediaOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playmedia"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playmedia\DropTarget\CLSID = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio"]
JAPlaySVCDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playvcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1"" ["JetAudio, Inc."]
JAPlayVCDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playvcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1"" ["JetAudio, Inc."]
JARipCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "ripcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\ripcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /ripcd "%1"" ["JetAudio, Inc."]
MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classi"
"InvokeProgID" = "MPC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\MPC.CDAudio\shell\play\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /cd" ["Gabest"]
MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MPC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\MPC.DVDMovie\shell\play\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /dvd" ["Gabest"]
MSCDBurningOnArrival\
"Provider" = "@%SystemRoot%\system32\SHELL32.dll,-17170"
"InvokeProgID" = "Folder"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Folder\shell\open\command\(Default) = "C:\WINDOWS\Explorer.exe /idlist,%I,%L" [MS]
MSOpenFolder\
"Provider" = "@%SystemRoot%\system32\SHELL32.dll,-17155"
"InvokeProgID" = "Folder"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Folder\shell\open\command\(Default) = "C:\WINDOWS\Explorer.exe /idlist,%I,%L" [MS]
MSPlayMediaOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.PlayMedia"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.PlayMedia\shell\play\DropTarget\CLSID = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
-> {HKLM...CLSID} = "WMP Play As Playlist Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]
MSPrintPicturesOnArrival\
"Provider" = "@%SystemRoot%\system32\SHELL32.dll,-17159"
"InvokeProgID" = "Applications\shimgvw.dll"
"InvokeVerb" = "print"
HKLM\SOFTWARE\Classes\Applications\shimgvw.dll\shell\print\command\(Default) = "rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1" [MS]
HKLM\SOFTWARE\Classes\Applications\shimgvw.dll\shell\print\DropTarget\CLSID = "{60fd46de-f830-4894-a628-6fa81bc0190d}"
-> {HKLM...CLSID} = "الكائن DropTarget لـ معالج طباعة الصور"
\InProcServer32\(Default) = "C:\WINDOWS\system32\photowiz.dll" [MS]
MSShowPicturesOnArrival\
"Provider" = "@%SystemRoot%\system32\SHELL32.dll,-17157"
"InvokeProgID" = "Shell.AutoplayForSlideShow.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Shell.AutoplayForSlideShow.1\shell\open\DropTarget\CLSID = "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"
-> {HKLM...CLSID} = "قراءة Shell التلقائية لـ عرض الشرائح"
\LocalServer32\(Default) = "rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" [MS]
MSWiaEventHandler\
"Provider" = "@%systemroot%\System32\wiaacmgr.exe,-101"
"InvokeProgID" = "WIA.AutoplayDropHandler.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\WIA.AutoplayDropHandler.1\shell\open\DropTarget\CLSID = "{F1ABE2B5-C073-4dba-B6EB-FD7A5111DD8F}"
-> {HKLM...CLSID} = "WIA Auto Play Drop Target"
\InProcServer32\(Default) = "C:\WINDOWS\System32\wiadefui.dll" [MS]
MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]
NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]
NeroAutoPlay7CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]
NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]
NeroAutoPlay7DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]
NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]
NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]
NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]
NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]
NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]
NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]
RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]
RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]
RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]
RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]
RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

Startup items in "aaa" & "All Users" startup folders:
-----------------------------------------------------
C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل
"Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]

Enabled Scheduled Tasks:
------------------------
"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-1220945662-484061587-1606980848-1003Core" -> launches: "C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-1220945662-484061587-1606980848-1003UA" -> launches: "C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
-> {HKLM...CLSID} = "Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll" ["Symantec Corporation"]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" = "Norton Toolbar"
-> {HKLM...CLSID} = "Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll" ["Symantec Corporation"]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "أب&حاث"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "إرسال إلى OneNote"
"MenuText" = "إر&سال إلى OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [file not found]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]
Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
Hotspot Shield Monitoring Service, HssWd, "C:\Program Files\Hotspot Shield\bin\hsswd.exe -product HSS" [null data]
Hotspot Shield Routing Service, HssSrv, "C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe" ["AnchorFree Inc."]
Hotspot Shield Service, HotspotShieldService, "C:\Program Files\Hotspot Shield\bin\openvpnas.exe" [null data]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Norton Internet Security, NIS, ""C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.2.0.10\diMaster.dll" /prefetch:1" ["Symantec Corporation"]
PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]
TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation."]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

---------- (launch time: 2012-01-30 07:05:28)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 39 seconds, including 3 seconds for message boxes)

ما ادري هل طريقتي للوضع عدلة ام لا
 
توقيع : النور الشارد
تأييد 0
ما ادري والله هل الطريقة اللي قمت بها انا هل هية عدلة ام لا
 
توقيع : النور الشارد
تأييد 0
؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟؟
 
توقيع : النور الشارد
تأييد 0
هدا رابط تقرير هايجك

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي



هدا تقرير عملية الفحص :

QuickScan 32-bit v0.9.9.105
---------------------------
تاريخ المسح: Tue Jan 31 03:14:57 2012
عنوان الحاسب: 10747F2E

لم يتم العثور على عدوى
----------------------

البرامج
-------
غير مسجل hsssrv.exe 364 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
غير مسجل hsswd.exe 924 C:\Program Files\Hotspot Shield\bin\hsswd.exe
غير مسجل Messenger Plus! 5 1992 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
غير مسجل Microsoft® Windows® Operating System 1620 C:\WINDOWS\explorer.exe
غير مسجل zyzoom.exe 3352 C:\Zyzoom_Forum_Tools\zyzoom.exe
تم تفقده IoctlSvc Application 1260 C:\WINDOWS\system32\IoctlSvc.exe
تم تفقده Bluetooth Software 1072 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
تم تفقده Bluetooth Software 480 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
تم تفقده Bluetooth Software 384 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
تم تفقده Bonjour 1972 C:\Program Files\Bonjour\mDNSResponder.exe
تم تفقده ClocX Application 1940 C:\Program Files\ClocX\ClocX.exe
تم تفقده GrooveMonitor Utility 1852 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
تم تفقده IEMonitor Application 3140 C:\Program Files\Internet Download Manager\IEMonitor.exe
تم تفقده Intel(R) Common User Interface 1796 C:\WINDOWS\system32\hkcmd.exe
تم تفقده Intel(R) Common User Interface 1804 C:\WINDOWS\system32\igfxpers.exe
تم تفقده Intel(R) Common User Interface 1860 C:\WINDOWS\system32\igfxsrvc.exe
تم تفقده Intel(R) Common User Interface 1784 C:\WINDOWS\system32\igfxtray.exe
تم تفقده Internet Download Manager (IDM) 160 C:\Program Files\Internet Download Manager\IDMan.exe
تم تفقده iTunes 2436 C:\Program Files\iPod\bin\iPodService.exe
تم تفقده iTunes 1900 C:\Program Files\iTunes\iTunesHelper.exe
تم تفقده Microsoft® Windows® Operating System 2736 C:\WINDOWS\system32\alg.exe
تم تفقده Microsoft® Windows® Operating System 720 C:\WINDOWS\system32\csrss.exe
تم تفقده Microsoft® Windows® Operating System 320 C:\WINDOWS\system32\ctfmon.exe
تم تفقده Microsoft® Windows® Operating System 800 C:\WINDOWS\system32\lsass.exe
تم تفقده Microsoft® Windows® Operating System 788 C:\WINDOWS\system32\services.exe
تم تفقده Microsoft® Windows® Operating System 580 C:\WINDOWS\system32\smss.exe
تم تفقده Microsoft® Windows® Operating System 1572 C:\WINDOWS\system32\spoolsv.exe
تم تفقده Microsoft® Windows® Operating System 1284 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1172 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1040 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 2092 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 952 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 3680 C:\WINDOWS\system32\wbem\wmiprvse.exe
تم تفقده Microsoft® Windows® Operating System 744 C:\WINDOWS\system32\winlogon.exe
تم تفقده MobileDeviceService 1988 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
تم تفقده RealPlayer (32-bit) 1880 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
تم تفقده Realtek HD Audio Sound Effect Manager 1764 C:\WINDOWS\RTHDCPL.EXE
تم تفقده Symantec Security Technologies 1196 C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
تم تفقده Symantec Security Technologies 2240 C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
تم تفقده Synaptics Pointing Device Driver 1816 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
تم تفقده Windows Live Communications Platform 3992 C:\Program Files\Windows Live\Contacts\wlcomm.exe
تم تفقده Windows Live Messenger 1704 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
تم تفقده Windows® Internet Explorer 3644 C:\Program Files\Internet Explorer\iexplore.exe

انشطة الشبكة
------------
البرنامج msnmsgr.exe (1704) موصول على معبر 1863 (MSN) --> 207.46.124.41
البرنامج msnmsgr.exe (1704) موصول على معبر 443 (HTTP over SSL) --> 157.55.43.202
البرنامج iexplore.exe (3644) موصول على معبر 80 (HTTP) --> 209.85.148.139
البرنامج iexplore.exe (3644) موصول على معبر 80 (HTTP) --> 66.235.142.57
البرنامج iexplore.exe (3644) موصول على معبر 80 (HTTP) --> 79.140.94.67
البرنامج iexplore.exe (3644) موصول على معبر 80 (HTTP) --> 92.123.208.20
البرنامج iexplore.exe (3644) موصول على معبر 80 (HTTP) --> 209.85.148.139
البرنامج svchost.exe (1000) يستمع لمعبر: 135 (RPC)

الملفات المفتوحة تلقائياً و الحساسة
-----------------------------------
غير مسجل HotKey C:\Program Files\LG Software\On Screen Display\HotKey.exe
غير مسجل Messenger Plus! 5 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
غير مسجل Microsoft® Windows® Operating System C:\WINDOWS\System32\logonui.exe
غير مسجل Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
غير مسجل Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
غير مسجل Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
تم تفقده Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
تم تفقده Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
تم تفقده ClocX Application C:\Program Files\ClocX\ClocX.exe
تم تفقده Google Update C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
تم تفقده Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
تم تفقده GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
تم تفقده GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\hkcmd.exe
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\igfxdev.dll
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\igfxpers.exe
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\igfxtray.exe
تم تفقده Internet Download Manager (IDM) C:\Program Files\Internet Download Manager\IDMan.exe
تم تفقده iTunes C:\Program Files\iTunes\iTunesHelper.exe
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPTNET.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\sclgntfy.dll
تم تفقده Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\WlNotify.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
تم تفقده Nero AG NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
تم تفقده RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
تم تفقده Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
تم تفقده TuneUp Utilities C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

وصلات المتصفح
-------------
تم تفقده AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
تم تفقده Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
تم تفقده BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
تم تفقده Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
تم تفقده Google Update C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
تم تفقده Google Update C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
تم تفقده GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
تم تفقده HssIE.dll C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
تم تفقده Internet Download Manager Module C:\Program Files\Internet Download Manager\IDMIECC.dll
تم تفقده Messenger C:\Program Files\Messenger\msmsgs.exe
تم تفقده Microsoft® Windows Live Login Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
تم تفقده Norton Confidential C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\npcoplgn.dll
تم تفقده Norton Confidential C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
تم تفقده npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
تم تفقده RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
تم تفقده RealPlayer Download and Record Plugin C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
تم تفقده RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
تم تفقده RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
تم تفقده Symantec Intrusion Detection C:\Program Files\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
تم تفقده Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

الملفات الناقصة
---------------
الملف ALCMTR.EXE غيرموجود
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Alcmtr"
الملف Explorer.exe غيرموجود
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell"
الملف RTHDCPL.EXE غيرموجود
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"RTHDCPL"

مسح
---
MD5: c6c4405d9d1fb3f16475db6e3795803c C:\Program Files\FreeTime\FormatFactory\ShellEx_100.dll
MD5: 6bec0a02ef4a123720303c33f077df82 C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
MD5: 8712d4405dc0637964d965b31308b492 C:\Program Files\Hotspot Shield\bin\hsswd.exe
MD5: 661b770bc4cb72ee4e4b17c5a62b994f C:\Program Files\Hotspot Shield\bin\libeay32.dll
MD5: 4648640348aacc96b9828417213525a7 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
MD5: 5b350bdcc73fd3021a6c0a79915e7c23 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
MD5: 317ab093c84db32f46ae1e820d795b88 C:\Program Files\LG Software\On Screen Display\HotKey.exe
MD5: aea88bf6b5ea7ac03c74b112485a9a54 C:\Program Files\Windows Live\Messenger\MSIMG32.dll
MD5: 058172de1a8ade29ecedf717ce105e63 C:\Program Files\Yuna Software\Messenger Plus!\detour32.dll
MD5: 90f11fd6c321d9e0ed70b28f50d19ba6 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll
MD5: ac8d444b9be7280cbcd48f3c696630e7 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusRes.dll
MD5: 30183a68e8efde4cb7d65c815081dada C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
MD5: 2db37abb69bdcaf7d2e7d8cd8f0e8164 C:\WINDOWS\explorer.exe
MD5: e10c1fbc5afbb1a38e524272ff8e4ca9 C:\WINDOWS\system32\BatMeter.dll
MD5: eaf3e64698c8b0eb1259b0af7daf5b3c C:\WINDOWS\system32\btwicons.dll
MD5: ace6799a605d63021030d21c9fada7b0 C:\WINDOWS\System32\cmd.exe
MD5: 7673d8daad0e3e7063c9a584983ca81c C:\WINDOWS\system32\comctl32.dll
MD5: 9e1f5627cc0ff76cb6b09c24ea6709d5 c:\windows\system32\credui.dll
MD5: 961d716d3df5c92e30addf26d18ac0c5 C:\WINDOWS\System32\logonui.exe
MD5: 9957bb469cfb6b92d6d73f15481a141d C:\WINDOWS\System32\MSGINA.dll
MD5: b3bd5f6533dc1692e1076ed28c7d8c6f C:\WINDOWS\system32\mshtml.dll
MD5: 1343b50dd950d8c653e712a5c4051db4 C:\WINDOWS\system32\msiexec.exe
MD5: 85f7e7c7d94ac27994a9ef3aba221f01 C:\WINDOWS\system32\mydocs.dll
MD5: 5b9d85841dcd9d13cd985d7d27cf9529 c:\windows\system32\netshell.dll
MD5: b93858e00e1d6cb53cbb0d0201439d04 C:\WINDOWS\System32\RASDLG.dll
MD5: 5f73c8562797ac8a2bd31fd75d3e5381 C:\WINDOWS\system32\SETUPAPI.dll
MD5: 992da6aa80075694f4182d5da424cddf C:\WINDOWS\system32\SHELL32.dll
MD5: f186f974aef730a756d06cfa9cd26ef6 C:\WINDOWS\system32\stobject.dll
MD5: 20f385ced8c9a535e49c0111b0b36e25 C:\WINDOWS\system32\themeui.dll
MD5: d14aa8bd7fedd80c4af036822fb33a3e C:\WINDOWS\system32\webcheck.dll
MD5: dd79f1807ed4fb5e97cebc401ea599c3 C:\WINDOWS\system32\xpsp2res.dll
MD5: d6969d52430aff7c1891780ba0068f19 C:\Zyzoom_Forum_Tools\zyzoom.exe

لم يتم تحميل اي ملف
انتهاء المسح - تم الاتصال خلال 1 ثواني
الحجم الاجمالي - تم ارسال 0.00 ميجابايت و تم استقبال 0.14
تم مسح 616 ملف و برنامج - 8 ثواني
==============================================================================
 
توقيع : النور الشارد
تأييد 0
هدا تقرير الفحص السريع:


QuickScan 32-bit v0.9.9.105
---------------------------
تاريخ المسح: Tue Jan 31 03:22:58 2012
عنوان الحاسب: 10747F2E

لم يتم العثور على عدوى
----------------------

البرامج
-------
غير مسجل hsssrv.exe 664 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
غير مسجل hsswd.exe 1060 C:\Program Files\Hotspot Shield\bin\hsswd.exe
غير مسجل Messenger Plus! 5 196 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
غير مسجل Microsoft® Windows® Operating System 1704 C:\WINDOWS\explorer.exe
غير مسجل Microsoft® Windows® Operating System 2772 C:\WINDOWS\system32\wuauclt.exe
غير مسجل zyzoom.exe 3924 C:\Zyzoom_Forum_Tools\zyzoom.exe
تم تفقده IoctlSvc Application 1296 C:\WINDOWS\system32\IoctlSvc.exe
تم تفقده Bluetooth Software 1064 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
تم تفقده Bluetooth Software 552 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
تم تفقده Bluetooth Software 460 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
تم تفقده Bonjour 2044 C:\Program Files\Bonjour\mDNSResponder.exe
تم تفقده ClocX Application 2012 C:\Program Files\ClocX\ClocX.exe
تم تفقده GrooveMonitor Utility 1948 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
تم تفقده Intel(R) Common User Interface 1864 C:\WINDOWS\system32\hkcmd.exe
تم تفقده Intel(R) Common User Interface 1876 C:\WINDOWS\system32\igfxpers.exe
تم تفقده Intel(R) Common User Interface 1900 C:\WINDOWS\system32\igfxsrvc.exe
تم تفقده Intel(R) Common User Interface 1852 C:\WINDOWS\system32\igfxtray.exe
تم تفقده iTunes 2488 C:\Program Files\iPod\bin\iPodService.exe
تم تفقده iTunes 1996 C:\Program Files\iTunes\iTunesHelper.exe
تم تفقده Microsoft® Windows® Operating System 2916 C:\WINDOWS\system32\alg.exe
تم تفقده Microsoft® Windows® Operating System 720 C:\WINDOWS\system32\csrss.exe
تم تفقده Microsoft® Windows® Operating System 384 C:\WINDOWS\system32\ctfmon.exe
تم تفقده Microsoft® Windows® Operating System 800 C:\WINDOWS\system32\lsass.exe
تم تفقده Microsoft® Windows® Operating System 788 C:\WINDOWS\system32\services.exe
تم تفقده Microsoft® Windows® Operating System 580 C:\WINDOWS\system32\smss.exe
تم تفقده Microsoft® Windows® Operating System 1524 C:\WINDOWS\system32\spoolsv.exe
تم تفقده Microsoft® Windows® Operating System 1228 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1128 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 1036 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 996 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 948 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 2088 C:\WINDOWS\system32\svchost.exe
تم تفقده Microsoft® Windows® Operating System 744 C:\WINDOWS\system32\winlogon.exe
تم تفقده MobileDeviceService 1848 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
تم تفقده RealPlayer (32-bit) 1976 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
تم تفقده Realtek HD Audio Sound Effect Manager 1836 C:\WINDOWS\RTHDCPL.EXE
تم تفقده Symantec Security Technologies 1152 C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
تم تفقده Symantec Security Technologies 2248 C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
تم تفقده Synaptics Pointing Device Driver 1920 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
تم تفقده Windows® Internet Explorer 3320 C:\Program Files\Internet Explorer\iexplore.exe

انشطة الشبكة
------------
البرنامج iexplore.exe (3320) موصول على معبر 80 (HTTP) --> 92.123.208.20
البرنامج iexplore.exe (3320) موصول على معبر 80 (HTTP) --> 79.140.94.67
البرنامج iexplore.exe (3320) موصول على معبر 80 (HTTP) --> 173.194.70.139
البرنامج iexplore.exe (3320) موصول على معبر 80 (HTTP) --> 173.194.70.139
البرنامج iexplore.exe (3320) موصول على معبر 80 (HTTP) --> 92.123.208.20
البرنامج iexplore.exe (3320) موصول على معبر 80 (HTTP) --> 66.235.142.57
البرنامج svchost.exe (996) يستمع لمعبر: 135 (RPC)

الملفات المفتوحة تلقائياً و الحساسة
-----------------------------------
غير مسجل HotKey C:\Program Files\LG Software\On Screen Display\HotKey.exe
غير مسجل Messenger Plus! 5 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
غير مسجل Microsoft® Windows® Operating System C:\WINDOWS\System32\logonui.exe
غير مسجل Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
غير مسجل Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
غير مسجل Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
تم تفقده Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
تم تفقده Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
تم تفقده ClocX Application C:\Program Files\ClocX\ClocX.exe
تم تفقده Google Update C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
تم تفقده Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
تم تفقده GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
تم تفقده GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\hkcmd.exe
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\igfxdev.dll
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\igfxpers.exe
تم تفقده Intel(R) Common User Interface C:\WINDOWS\system32\igfxtray.exe
تم تفقده Internet Download Manager (IDM) C:\Program Files\Internet Download Manager\IDMan.exe
تم تفقده iTunes C:\Program Files\iTunes\iTunesHelper.exe
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\cscdll.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\sclgntfy.dll
تم تفقده Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\WlNotify.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
تم تفقده Nero AG NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
تم تفقده RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
تم تفقده Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
تم تفقده TuneUp Utilities C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

وصلات المتصفح
-------------
تم تفقده AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
تم تفقده Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
تم تفقده BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
تم تفقده Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
تم تفقده Google Update C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
تم تفقده Google Update C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
تم تفقده GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
تم تفقده HssIE.dll C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
تم تفقده Internet Download Manager Module C:\Program Files\Internet Download Manager\IDMIECC.dll
تم تفقده Messenger C:\Program Files\Messenger\msmsgs.exe
تم تفقده Microsoft® Windows Live Login Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
تم تفقده Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
تم تفقده Norton Confidential C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\npcoplgn.dll
تم تفقده Norton Confidential C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
تم تفقده npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
تم تفقده RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
تم تفقده RealPlayer Download and Record Plugin C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
تم تفقده RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
تم تفقده RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
تم تفقده Symantec Intrusion Detection C:\Program Files\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
تم تفقده Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

الملفات الناقصة
---------------
الملف ALCMTR.EXE غيرموجود
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Alcmtr"
الملف Explorer.exe غيرموجود
--> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell"
الملف RTHDCPL.EXE غيرموجود
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"RTHDCPL"

مسح
---
MD5: 6bec0a02ef4a123720303c33f077df82 C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
MD5: 8712d4405dc0637964d965b31308b492 C:\Program Files\Hotspot Shield\bin\hsswd.exe
MD5: 661b770bc4cb72ee4e4b17c5a62b994f C:\Program Files\Hotspot Shield\bin\libeay32.dll
MD5: 4648640348aacc96b9828417213525a7 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
MD5: 5b350bdcc73fd3021a6c0a79915e7c23 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
MD5: 317ab093c84db32f46ae1e820d795b88 C:\Program Files\LG Software\On Screen Display\HotKey.exe
MD5: 30183a68e8efde4cb7d65c815081dada C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
MD5: 2db37abb69bdcaf7d2e7d8cd8f0e8164 C:\WINDOWS\explorer.exe
MD5: e10c1fbc5afbb1a38e524272ff8e4ca9 C:\WINDOWS\system32\BatMeter.dll
MD5: eaf3e64698c8b0eb1259b0af7daf5b3c C:\WINDOWS\system32\btwicons.dll
MD5: ace6799a605d63021030d21c9fada7b0 C:\WINDOWS\System32\cmd.exe
MD5: 7673d8daad0e3e7063c9a584983ca81c C:\WINDOWS\system32\comctl32.dll
MD5: 9e1f5627cc0ff76cb6b09c24ea6709d5 c:\windows\system32\credui.dll
MD5: 961d716d3df5c92e30addf26d18ac0c5 C:\WINDOWS\System32\logonui.exe
MD5: 9957bb469cfb6b92d6d73f15481a141d C:\WINDOWS\System32\MSGINA.dll
MD5: b3bd5f6533dc1692e1076ed28c7d8c6f C:\WINDOWS\system32\mshtml.dll
MD5: 1343b50dd950d8c653e712a5c4051db4 C:\WINDOWS\system32\msiexec.exe
MD5: 85f7e7c7d94ac27994a9ef3aba221f01 C:\WINDOWS\system32\mydocs.dll
MD5: 5b9d85841dcd9d13cd985d7d27cf9529 c:\windows\system32\netshell.dll
MD5: b93858e00e1d6cb53cbb0d0201439d04 C:\WINDOWS\System32\RASDLG.dll
MD5: 5f73c8562797ac8a2bd31fd75d3e5381 C:\WINDOWS\system32\SETUPAPI.dll
MD5: 992da6aa80075694f4182d5da424cddf C:\WINDOWS\system32\SHELL32.dll
MD5: f186f974aef730a756d06cfa9cd26ef6 C:\WINDOWS\system32\stobject.dll
MD5: 20f385ced8c9a535e49c0111b0b36e25 C:\WINDOWS\system32\themeui.dll
MD5: d14aa8bd7fedd80c4af036822fb33a3e C:\WINDOWS\system32\webcheck.dll
MD5: 2a38ed6ef66d8292cbd660cab580d7fc C:\WINDOWS\system32\wuauclt.exe
MD5: cf3aee911d3391c7be9ded6768dac4e4 C:\WINDOWS\system32\wuaucpl.cpl
MD5: dd79f1807ed4fb5e97cebc401ea599c3 C:\WINDOWS\system32\xpsp2res.dll
MD5: d6969d52430aff7c1891780ba0068f19 C:\Zyzoom_Forum_Tools\zyzoom.exe

لم يتم تحميل اي ملف
انتهاء المسح - تم الاتصال خلال 1 ثواني
الحجم الاجمالي - تم ارسال 0.00 ميجابايت و تم استقبال 0.13
تم مسح 550 ملف و برنامج - 13 ثواني
==============================================================================
 
توقيع : النور الشارد
تأييد 0
نقاط بدء التشغيل:

"Silent Runners.vbs", revision 61,

يجب عليك تسجيل الدخول أو التسجيل لمشاهدة الرابط المخفي


Operating System: Windows XP SP3
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]
"Google Update" = ""C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"APSDaemon" = ""C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"ClocX" = "C:\Program Files\ClocX\ClocX.exe" ["BonSoft"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"PlusService" = "C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe" ["Yuna Software"]
"KeybdUtility" = ""C:\Program Files\LG Software\On Screen Display\HotKey.exe"" ["LG Electronics"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
-> {HKLM...CLSID} = "IDM integration (IDMIEHlprObj Class)"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Internet Download Manager, Tonec Inc."]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = "Norton Identity Protection"
-> {HKLM...CLSID} = "Norton Identity Protection"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll" ["Symantec Corporation"]

{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = "Norton Vulnerability Protection"
-> {HKLM...CLSID} = "Norton Vulnerability Protection"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL" ["Symantec Corporation"]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مساعد تسجيل الدخول إلى Windows Live"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Hotspot Shield Class"
\InProcServer32\(Default) = "C:\Program Files\Hotspot Shield\HssIE\HssIE.dll" ["AnchorFree Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

IDM Shell Extension\(Default) = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "ملحق Display Panning CPL"
-> {HKLM...CLSID} = "ملحق Display Panning CPL"
\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio"]

"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "My Bluetooth Places"
\InProcServer32\(Default) = "C:\WINDOWS\system32\BTNEIG~1.DLL" ["Broadcom Corporation."]

"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btncopy.dll" ["Broadcom Corporation."]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]

"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"
-> {HKLM...CLSID} = "IDM Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMShellExt.dll" ["Tonec Inc."]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> grooveLocalGWS\CLSID = "{88FED34C-F0CA-4636-A375-3CB6248B04CD}"
-> {HKLM...CLSID} = "Local Groove Web Services Protocol"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL" [MS]

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

FormatFactoryShell\(Default) = "{A3777921-CFD3-4A6B-89BF-08E6B95716E8}"
-> {HKLM...CLSID} = "FormatFactoryShell"
\InProcServer32\(Default) = "C:\Program Files\FreeTime\FormatFactory\ShellEx_100.dll" ["Free Time"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = ""C:\Program Files\Norton Internet Security\Engine\19.2.0.10\NavShExt.dll"" ["Symantec Corporation"]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

FormatFactoryShell\(Default) = "{A3777921-CFD3-4A6B-89BF-08E6B95716E8}"
-> {HKLM...CLSID} = "FormatFactoryShell"
\InProcServer32\(Default) = "C:\Program Files\FreeTime\FormatFactory\ShellEx_100.dll" ["Free Time"]

TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Monitor\(Default) = "{7842554E-6BED-11D2-8CDB-B05550C10000}"
-> {HKLM...CLSID} = "Monitor Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btncopy.dll" ["Broadcom Corporation."]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igfxpph.dll" ["Intel Corporation"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio"]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = ""C:\Program Files\Norton Internet Security\Engine\19.2.0.10\NavShExt.dll"" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\aaa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

GOMPlayDVDOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.DVD"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.EXE" /open "%1"" ["Gretech Corp."]

GOMPlayMediaOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.MediaFile"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command\(Default) = ""C:\Program Files\GRETECH\GomPlayer\GOM.EXE" /open "%1"" ["Gretech Corp."]
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\DropTarget\CLSID = "{D0F0AD6B-ECCC-401E-8E71-C4363D41399C}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\PROGRA~1\GRETECH\GOMPLA~1\GOM.EXE" ["Gretech Corp."]

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

JABurnCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "burncd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\burncd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /burncd "%1"" ["JetAudio, Inc."]

JACreateAlbumOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "createalbum"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\createalbum\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /createalbum "%1"" ["JetAudio, Inc."]

JAPlayCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playcd "%1"" ["JetAudio, Inc."]

JAPlayDVDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playdvd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playdvd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playdvd "%1"" ["JetAudio, Inc."]

JAPlayMediaOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playmedia"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playmedia\DropTarget\CLSID = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio"]

JAPlaySVCDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playvcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1"" ["JetAudio, Inc."]

JAPlayVCDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playvcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1"" ["JetAudio, Inc."]

JARipCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "ripcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\ripcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /ripcd "%1"" ["JetAudio, Inc."]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classi"
"InvokeProgID" = "MPC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\MPC.CDAudio\shell\play\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MPC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\MPC.DVDMovie\shell\play\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /dvd" ["Gabest"]

MSCDBurningOnArrival\
"Provider" = "@%SystemRoot%\system32\SHELL32.dll,-17170"
"InvokeProgID" = "Folder"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Folder\shell\open\command\(Default) = "C:\WINDOWS\Explorer.exe /idlist,%I,%L" [MS]

MSOpenFolder\
"Provider" = "@%SystemRoot%\system32\SHELL32.dll,-17155"
"InvokeProgID" = "Folder"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Folder\shell\open\command\(Default) = "C:\WINDOWS\Explorer.exe /idlist,%I,%L" [MS]

MSPlayMediaOnArrival\
"Provider" = "@wmploc.dll,-6502"
"InvokeProgID" = "WMP.PlayMedia"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\WMP.PlayMedia\shell\play\DropTarget\CLSID = "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"
-> {HKLM...CLSID} = "WMP Play As Playlist Launcher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS]

MSPrintPicturesOnArrival\
"Provider" = "@%SystemRoot%\system32\SHELL32.dll,-17159"
"InvokeProgID" = "Applications\shimgvw.dll"
"InvokeVerb" = "print"
HKLM\SOFTWARE\Classes\Applications\shimgvw.dll\shell\print\command\(Default) = "rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1" [MS]
HKLM\SOFTWARE\Classes\Applications\shimgvw.dll\shell\print\DropTarget\CLSID = "{60fd46de-f830-4894-a628-6fa81bc0190d}"
-> {HKLM...CLSID} = "الكائن DropTarget لـ معالج طباعة الصور"
\InProcServer32\(Default) = "C:\WINDOWS\system32\photowiz.dll" [MS]

MSShowPicturesOnArrival\
"Provider" = "@%SystemRoot%\system32\SHELL32.dll,-17157"
"InvokeProgID" = "Shell.AutoplayForSlideShow.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Shell.AutoplayForSlideShow.1\shell\open\DropTarget\CLSID = "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"
-> {HKLM...CLSID} = "قراءة Shell التلقائية لـ عرض الشرائح"
\LocalServer32\(Default) = "rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" [MS]

MSWiaEventHandler\
"Provider" = "@%systemroot%\System32\wiaacmgr.exe,-101"
"InvokeProgID" = "WIA.AutoplayDropHandler.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\WIA.AutoplayDropHandler.1\shell\open\DropTarget\CLSID = "{F1ABE2B5-C073-4dba-B6EB-FD7A5111DD8F}"
-> {HKLM...CLSID} = "WIA Auto Play Drop Target"
\InProcServer32\(Default) = "C:\WINDOWS\System32\wiadefui.dll" [MS]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay7ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]


Startup items in "aaa" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل
"Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]


Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-1220945662-484061587-1606980848-1003Core" -> launches: "C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-1220945662-484061587-1606980848-1003UA" -> launches: "C:\Documents and Settings\aaa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
-> {HKLM...CLSID} = "Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" = "Norton Toolbar"
-> {HKLM...CLSID} = "Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "أب&حاث"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "إرسال إلى OneNote"
"MenuText" = "إر&سال إلى OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]
Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
Hotspot Shield Monitoring Service, HssWd, "C:\Program Files\Hotspot Shield\bin\hsswd.exe -product HSS" [null data]
Hotspot Shield Routing Service, HssSrv, "C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe" ["AnchorFree Inc."]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Norton Internet Security, NIS, ""C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.2.0.10\diMaster.dll" /prefetch:1" ["Symantec Corporation"]
PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, "C:\WINDOWS\system32\IoctlSvc.exe" ["Prolific Technology Inc."]
TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation."]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2012-01-31 03:34:58)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 46 seconds, including 3 seconds for message boxes)
 
توقيع : النور الشارد
تأييد 0
هده سجلات النظام والاخطاء:


====== سجل أخطاء النظام ======
Computer Name: MMM
Event Code: 8003
Message: The master browser has received a server announcement from the computer HP-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9A82098C-78EF-4BE0-A77.
The master browser is stopping or an election is being forced.
Record Number: 633
Source Name: MRxSmb
Time Written: 20120123020421.000000+180
Event Type: error
User:
Computer Name: MMM
Event Code: 4226
Message: وصل TCP/IP إلى أقصى حد للأمان بناءاً على محاولات اتصال TCP المتلاحقة.
Record Number: 629
Source Name: Tcpip
Time Written: 20120123011908.000000+180
Event Type: warning
User:
Computer Name: MMM
Event Code: 8003
Message: The master browser has received a server announcement from the computer HP-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9A82098C-78EF-4BE0-A77.
The master browser is stopping or an election is being forced.
Record Number: 628
Source Name: MRxSmb
Time Written: 20120123005217.000000+180
Event Type: error
User:
Computer Name: MMM
Event Code: 8003
Message: The master browser has received a server announcement from the computer HP-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9A82098C-78EF-4BE0-A77.
The master browser is stopping or an election is being forced.
Record Number: 580
Source Name: MRxSmb
Time Written: 20120122235339.000000+180
Event Type: error
User:
Computer Name: MMM
Event Code: 7
Message: ‏‏الجهاز، \Device\CdRom0، به كتلة تالفة.
Record Number: 547
Source Name: Cdrom
Time Written: 20120122215847.000000+180
Event Type: error
User:

===== سجل أخطاء البرامج =====
Computer Name: MMM
Event Code: 5603
Message: ‏‏تم تسجيل الموفر Rsop Planning Mode Provider في مساحة اسم WMI root\RSOP ولم يتم تحديد الخاصية HostingModel. سيتم تشغيل الموفر باستخدام حساب LocalSystem. تم منح الامتياز لهذا الحساب وقد يتسبب الموفر في انتهاك الأمان إذا لم ينتحل طلبات المستخدم بشكل صحيح. تأكد من مراجعة الموفر بالنسبة لسلوك الأمان وقم بتحديث الخاصية HostingModel الخاصة بتسجيل الموفر بأحد الحسابات بأقل امتيازات ممكنة للوظائف المطلوبة.
Record Number: 15
Source Name: WinMgmt
Time Written: 20120122114919.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: MMM
Event Code: 5603
Message: ‏‏تم تسجيل الموفر Rsop Planning Mode Provider في مساحة اسم WMI root\RSOP ولم يتم تحديد الخاصية HostingModel. سيتم تشغيل الموفر باستخدام حساب LocalSystem. تم منح الامتياز لهذا الحساب وقد يتسبب الموفر في انتهاك الأمان إذا لم ينتحل طلبات المستخدم بشكل صحيح. تأكد من مراجعة الموفر بالنسبة لسلوك الأمان وقم بتحديث الخاصية HostingModel الخاصة بتسجيل الموفر بأحد الحسابات بأقل امتيازات ممكنة للوظائف المطلوبة.
Record Number: 14
Source Name: WinMgmt
Time Written: 20120122114919.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: MMM
Event Code: 63
Message: ‏‏تم تسجيل موفر, CmdTriggerConsumer, في مساحة الاسم WMI, Root\cimv2, من أجل استخدام الحساب LocalSystem. هذا الحساب يملك امتيازات وقد يسبب الموفر انتهاكاً للأمان إذا لم يقم بتمثيل طلبات المستخدم بالشكل الصحيح.
Record Number: 13
Source Name: WinMgmt
Time Written: 20120122114919.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: MMM
Event Code: 63
Message: ‏‏تم تسجيل موفر, CmdTriggerConsumer, في مساحة الاسم WMI, Root\cimv2, من أجل استخدام الحساب LocalSystem. هذا الحساب يملك امتيازات وقد يسبب الموفر انتهاكاً للأمان إذا لم يقم بتمثيل طلبات المستخدم بالشكل الصحيح.
Record Number: 12
Source Name: WinMgmt
Time Written: 20120122114919.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: MMM
Event Code: 63
Message: ‏‏تم تسجيل موفر, HiPerfCooker_v1, في مساحة الاسم WMI, Root\WMI, من أجل استخدام الحساب LocalSystem. هذا الحساب يملك امتيازات وقد يسبب الموفر انتهاكاً للأمان إذا لم يقم بتمثيل طلبات المستخدم بالشكل الصحيح.
Record Number: 11
Source Name: WinMgmt
Time Written: 20120122114917.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

===== تقرير انهيار البرامج =====


===== تقرير الشاشة الزرقاء =====
 
توقيع : النور الشارد
تأييد 0
قائمة البرامج المنبثقة:

====== معلومات نظام التشغيل ======
X86 WIN_XP 2600 Service Pack 3

====== قائمة البرامج المثبتة ======
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS
Adobe Reader 9 - Arabic
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
ClocX (1.5b2)
COWON Media Center - jetAudio Basic VX
FormatFactory 2.80
GOM Player
Hotspot Shield 1.56
Intel(R) Graphics Media *********** Driver
Internet Download Manager
iTunes
K-Lite Codec Pack 2.70 Full
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8 Plugin
Messenger Plus!
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Arabic) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Arabic) 2007
Microsoft Office InfoPath MUI (Arabic) 2007
Microsoft Office OneNote MUI (Arabic) 2007
Microsoft Office Outlook MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Publisher MUI (Arabic) 2007
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word MUI (Arabic) 2007
Microsoft Software Update for Web Folders (Arabic) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSVCRT
Nero 7 Ultra Edition
neroxml
Norton Internet Security
On Screen Display
RealPlayer
Realtek High Definition Audio Driver
Segoe UI
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
TuneUp Utilities 2007
USB 2.0 Card Reader
VCRedistSetup
Vista Anthracite Pack - Lite 1.31
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
أداة التحميل Windows Live Upload Tool
مساعد تسجيل الدخول إلى Windows Live
 
توقيع : النور الشارد
تأييد 0
يجب تسجيل الدخول أو التسجيل كي تتمكن من الرد هنا.
عودة
أعلى