تم حل المشكلة هل جهازي فيه ملفات تجسس او مخترق

المترقب · 4 أبريل 2012

السلام عليكم ورحمة الله وبركاته..

كيفكم يا زيزوميين!؟
إن شاء الله بخير
انا حابب اشوف إذا جهازي مخترق او تم إختراقه او فيه ملفات تجسسيه
واتمنى ما تخيبوا ظني فيكم :q:

وهذي هي التقارير:
(تقرير الهآيجاك)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:43:22 ص, on 04/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\TOSHIBA\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PlusService] C:\Users\TOSHIBA\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: إر&سال إلى OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: تدوين هذا في المدونة - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &تدوين هذا في Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: ملاحظات OneNote الم&رتبطة - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: taisregispinger - Unknown owner - C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12395 bytes

(وهذا تقرير عن قائمة البرامج مالثبتة)

====== معلومات نظام التشغيل ======

X64 WIN_7 7601 Service Pack 1

====== قائمة البرامج المثبتة ======

Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS
Adobe Reader 9.5.0
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Avira Premium Security Suite
Bejeweled 2 Deluxe
BufferChm
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
Copy
COWON Media Center - jetAudio Plus VX
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DJ_AIO_06_F2400_SW_Min
Escape Rosecliff Island
F2400
F2400_NCL_Help
FATE - The Traitor Soul
File Type Assistant
Final Media Player 2011
FormatFactory 2.00
GPBaseService2
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel(R) Graphics Media *********** Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 29
Jewel Quest 3
Junk Mail filter update
Kantaris Media Player 0.6.6
Label@Once 1.0
Malwarebytes Anti-Malware النسخة 1.60.1.1000
MarketResearch
Messenger Plus! 5
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Arabic) 2010
Microsoft Office Excel MUI (Arabic) 2010
Microsoft Office Groove MUI (Arabic) 2010
Microsoft Office InfoPath MUI (Arabic) 2010
Microsoft Office OneNote MUI (Arabic) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Arabic) 2010
Microsoft Office PowerPoint MUI (Arabic) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proofing (Arabic) 2010
Microsoft Office Publisher MUI (Arabic) 2010
Microsoft Office Shared MUI (Arabic) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (Arabic) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 11.0 (x86 ar)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Opera 11.61
Penguins!
Polar Bowler
Quickbooks Financial Center
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Scan
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype Launcher
SmartWebPrinting
SMPlayer 0.6.0rc2
SolutionCenter
Status
The KMPlayer (remove only)
Toolbox
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA eco Utility
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TrayApp
UltraISO Premium V9.0
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Microsoft Outlook Social Connector (KB2583935)
Virtual Families
Virtual Villagers - The Secret City
WebReg
WildTangent Games
WildTangent ORB Game Console
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update
Zuma's Revenge
أداة التحميل Windows Live Upload Tool
أرشيف وينرار
بريد Windows Live
صانع الأفلام من Windows Live
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
مساعد تسجيل الدخول إلى Windows Live
معرض صور Windows Live

(هذا ملف الرن سكنر)

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ومنتظر ردكم ^_^

المترقب · 4 أبريل 2012

(وهذا تقرير الستارت اوب)
"Silent Runners.vbs", revision 61,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Operating System: Windows 7 SP1
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NortonOnlineBackupReminder" = ""C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED" ["Toshiba"]
"msnmsgr" = ""C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HP Software Update" = "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]
"avgnt" = ""C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira GmbH"]
"BCSSync" = ""C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices" [MS]
"PlusService" = "C:\Users\TOSHIBA\Messenger Plus!\PlusService.exe" ["Yuna Software"]
"SunJavaUpdateSched" = ""C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"TkBellExe" = ""C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"Adobe ARM" = ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]
"Malwarebytes' Anti-Malware" = ""C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\(Default) = "Browser Customizations"
\StubPath = ""C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{0347C33E-8762-4905-BF09-768834316C61}\(Default) = "HP Print Enhancer"
-> {HKLM...CLSID} = "HP Print Enhancer"
\InProcServer32\(Default) = "C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll" ["Hewlett-Packard Co."]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll" ["RealPlayer"]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مساعد تسجيل الدخول إلى Windows Live"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = "URLRedirectionBHO"
-> {HKLM...CLSID} = "Office Document Cache Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{F3C88694-EFFA-4d78-B409-54B7B2535B14}\(Default) = (no title provided)
-> {HKLM...CLSID} = "TOSHIBA Media Controller Plug-in"
\InProcServer32\(Default) = "C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll" ["<TOSHIBA>"]

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = "HP Smart BHO Class"
-> {HKLM...CLSID} = "HP Smart BHO Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" [null data]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll" [MS]

"{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D}" = "Groove Namespace Extension"
-> {HKLM...CLSID} = "مساحات عمل"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}" = "Microsoft OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL" [MS]

"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
-> {HKLM...CLSID} = "ImageExtractorShellExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL" [MS]

"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
-> {HKLM...CLSID} = "CInfoTipShellExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL" [MS]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Outlook"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL" [MS]

"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\JetAudio\JetFlExt.dll" ["JetAudio"]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "c:\program files (x86)\real\realplayer\rpshell.dll" ["RealNetworks, Inc."]

"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"
-> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll" [MS]

"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\(Default) = "VaultCredProvider"
-> {HKLM...CLSID} = "VaultCredProvider"
\InProcServer32\(Default) = "C:\windows\System32\VaultCredProvider.dll" [file not found]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807573E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> about\CLSID = "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML About Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> cdl\CLSID = "{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
-> {HKLM...CLSID} = "CDL: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> dvd\CLSID = "{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
-> {HKLM...CLSID} = "DVD: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]

<<!>> file\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> ftp\CLSID = "{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "ftp: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> http\CLSID = "{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "http: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> https\CLSID = "{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "https: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> javascript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> local\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> mailto\CLSID = "{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Mailto Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> mk\CLSID = "{79eac9e6-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "mk: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> ms-itss\CLSID = "{0A9007C0-4076-11D3-8789-0000F8105754}"
-> {HKLM...CLSID} = "Microsoft Infotech Storage Protocol for IE 4.0"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> res\CLSID = "{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Resource Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> tv\CLSID = "{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
-> {HKLM...CLSID} = "TV: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]

<<!>> vbscript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]

<<!>> wlmailhtml\CLSID = "{03C514A3-1EFB-4856-9F99-10D7BE1653C0}"
-> {HKLM...CLSID} = "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\JetAudio\JetFlExt.dll" ["JetAudio"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\JetAudio\JetFlExt.dll" ["JetAudio"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

Default executables:
--------------------

HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoTrayContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoFolderOptions" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Removes the Folder Options menu item from the Tools menu}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoTrayContextMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableTaskMgr" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

JABurnCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "burncd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\burncd\command\(Default) = ""C:\Program Files (x86)\JetAudio\jetAudio.exe" /burncd "%1"" ["JetAudio, Inc."]

JACreateAlbumOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "createalbum"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\createalbum\command\(Default) = ""C:\Program Files (x86)\JetAudio\jetAudio.exe" /createalbum "%1"" ["JetAudio, Inc."]

JAPlayCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playcd\command\(Default) = ""C:\Program Files (x86)\JetAudio\jetAudio.exe" /playcd "%1"" ["JetAudio, Inc."]

JAPlayDVDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playdvd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playdvd\command\(Default) = ""C:\Program Files (x86)\JetAudio\jetAudio.exe" /playdvd "%1"" ["JetAudio, Inc."]

JAPlayMediaOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playmedia"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playmedia\DropTarget\CLSID = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
-> {HKLM...CLSID} = "JetFlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\JetAudio\JetFlExt.dll" ["JetAudio"]

JAPlaySVCDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playvcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = ""C:\Program Files (x86)\JetAudio\jetAudio.exe" /playvcd "%1"" ["JetAudio, Inc."]

JAPlayVCDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playvcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = ""C:\Program Files (x86)\JetAudio\jetAudio.exe" /playvcd "%1"" ["JetAudio, Inc."]

JARipCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "ripcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\ripcd\command\(Default) = ""C:\Program Files (x86)\JetAudio\jetAudio.exe" /ripcd "%1"" ["JetAudio, Inc."]

KantarisAudioCD\
"Provider" = "Kantaris Media Player"
"InvokeProgID" = "KantarisAudioFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\KantarisAudioFile\shell\play\command\(Default) = ""C:\Program Files (x86)\Kantaris\Kantaris.exe" "%1"" ["Christofer Persson"]

KantarisAudioUSB\
"Provider" = "Kantaris Media Player"
"InvokeProgID" = "KantarisAudioFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\KantarisAudioFile\shell\play\command\(Default) = ""C:\Program Files (x86)\Kantaris\Kantaris.exe" "%1"" ["Christofer Persson"]

KantarisDVD\
"Provider" = "Kantaris Media Player"
"InvokeProgID" = "KantarisVideoFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\KantarisVideoFile\shell\play\command\(Default) = ""C:\Program Files (x86)\Kantaris\Kantaris.exe" "%1"" ["Christofer Persson"]

KantarisVideoUSB\
"Provider" = "Kantaris Media Player"
"InvokeProgID" = "KantarisVideoFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\KantarisVideoFile\shell\play\command\(Default) = ""C:\Program Files (x86)\Kantaris\Kantaris.exe" "%1"" ["Christofer Persson"]

MSLivePhotoAcqHWEventHandler\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10;ar-sa.8117.0416"
"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10;ar-sa.8117.0416"
"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10;ar-sa.8117.0416"
"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10;ar-sa.8117.0416"
"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"
"InitCmdLine" = "WLXVideoAcquireWizard"
HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"
-> {HKLM...CLSID} = "WLXWEventHandler Class"
\LocalServer32\(Default) = ""C:\Program Files (x86)\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""c:\program files (x86)\real\realplayer\Update\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPDVDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

WIA_{2F62FEE0-5159-4182-81E2-741407EAF434}\
"Provider" = "Photoshop"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Adobe\Photoshop CS\Photoshop.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{E87FD68E-FC5E-4F4B-A6E0-673FEF783C0B}\
"Provider" = "Microsoft Word"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE /IMG_WIA;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\windows\system32\WPDShextAutoplay.exe" [MS]

Startup items in "TOSHIBA" & "All Users" startup folders:
---------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll ["Avira GmbH"], 01 - 02, 13
%SystemRoot%\system32\mswsock.dll [MS], 03 - 12

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{555D4D79-4BD2-4094-A395-CFC534424A05}\(Default) = (no title provided)
-> {HKLM...CLSID} = "HP Smart Web Printing"
\InProcServer32\(Default) = "C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{555D4D79-4BD2-4094-A395-CFC534424A05}\(Default) = (no title provided)
-> {HKLM...CLSID} = "HP Smart Web Printing"
\InProcServer32\(Default) = "C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
"ButtonText" = "تدوين هذا في المدونة"
"MenuText" = "&تدوين هذا في Windows Live Writer"
"CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}"
-> {HKLM...CLSID} = "BlogThisToolbarButton Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll" [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "إرسال إلى OneNote"
"MenuText" = "إر&سال إلى OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll" [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
"ButtonText" = "ملاحظات OneNote الم&رتبطة"
"MenuText" = "ملاحظات OneNote الم&رتبطة"
"CLSIDExtension" = "{FFFDC614-B694-4AE6-AB38-5D6374584B52}"
-> {HKLM...CLSID} = "Linked Notes button"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll" [MS]

{DDE87865-83C5-48C4-8357-2F5B1AA84522}\
"ButtonText" = "Show or hide HP Smart Web Printing"
"CLSIDExtension" = "{DDE87865-83C5-48c4-8357-2F5B1AA84522}"
-> {HKLM...CLSID} = "ClipBookBtn Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Application Experience, AeLookupSvc, "C:\windows\system32\svchost.exe -k netsvcs" {"C:\windows\System32\aelupsvc.dll" [file not found]}
Avira AntiVir Guard, AntiVirService, ""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"" ["Avira GmbH"]
Avira AntiVir MailGuard, AntiVirMailService, ""C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe"" ["Avira GmbH"]
Avira AntiVir Scheduler, AntiVirSchedulerService, ""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"" ["Avira GmbH"]
Avira AntiVir WebGuard, AntiVirWebService, ""C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"" ["Avira GmbH"]
Avira FireWall, AntiVirFirewallService, ""C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe"" ["Avira GmbH"]
Base Filtering Engine, BFE, "C:\windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\windows\System32\bfe.dll" [file not found]}
CNG Key Isolation, KeyIso, "C:\windows\system32\lsass.exe" [file not found]
Common Client Job Manager Service, PCCUJobMgr, ""C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1" ["Symantec Corporation"]
Computer Browser, Browser, "C:\windows\System32\svchost.exe -k netsvcs" {"C:\windows\System32\browser.dll" [file not found]}
DCOM Server Process Launcher, DcomLaunch, "C:\windows\system32\svchost.exe -k DcomLaunch" {"C:\windows\system32\rpcss.dll" [file not found]}
Desktop Window Manager Session Manager, UxSms, "C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\windows\System32\uxsms.dll" [file not found]}
Diagnostic Policy Service, DPS, "C:\windows\System32\svchost.exe -k LocalServiceNoNetwork" {"C:\windows\system32\dps.dll" [file not found]}
DNS Client, Dnscache, "C:\windows\system32\svchost.exe -k NetworkService" {"C:\windows\System32\dnsrslvr.dll" [file not found]}
Extensible Authentication Protocol, EapHost, "C:\windows\System32\svchost.exe -k netsvcs" {"C:\windows\System32\eapsvc.dll" [file not found]}
Function Discovery Provider Host, fdPHost, "C:\windows\system32\svchost.exe -k LocalService" {"C:\windows\system32\fdPHost.dll" [file not found]}
Function Discovery Resource Publication, FDResPub, "C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\windows\system32\fdrespub.dll" [file not found]}
Group Policy Client, gpsvc, "C:\windows\system32\svchost.exe -k netsvcs" {"C:\windows\System32\gpsvc.dll" [file not found]}
hpqcxs08, hpqcxs08, "C:\windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
IKE and AuthIP IPsec Keying Modules, IKEEXT, "C:\windows\system32\svchost.exe -k netsvcs" {"C:\windows\System32\ikeext.dll" [file not found]}
Intel(R) Management & Security Application User Notification Service, UNS, ""C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"" ["Intel Corporation"]
Intel(R) Management and Security Application Local Management Service, LMS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" ["Intel Corporation"]
MBAMService, MBAMService, ""C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]
Multimedia Class Scheduler, MMCSS, "C:\windows\system32\svchost.exe -k netsvcs" {"C:\windows\system32\mmcss.dll" [file not found]}
Net Driver HPZ12, Net Driver HPZ12, "C:\windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZinw12.dll" [file not found]}
Network Connections, Netman, "C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\windows\System32\netman.dll" [file not found]}
Network Location Awareness, NlaSvc, "C:\windows\System32\svchost.exe -k NetworkService" {"C:\windows\System32\nlasvc.dll" [file not found]}
Network Store Interface Service, nsi, "C:\windows\system32\svchost.exe -k LocalService" {"C:\windows\system32\nsisvc.dll" [file not found]}
Plug and Play, PlugPlay, "C:\windows\system32\svchost.exe -k DcomLaunch" {"C:\windows\system32\umpnpmgr.dll" [file not found]}
Pml Driver HPZ12, Pml Driver HPZ12, "C:\windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZipm12.dll" [file not found]}
Power, Power, "C:\windows\system32\svchost.exe -k DcomLaunch" {"C:\windows\system32\umpo.dll" [file not found]}
Print Spooler, Spooler, "C:\windows\System32\spoolsv.exe" [file not found]
Program Compatibility Assistant Service, PcaSvc, "C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\windows\System32\pcasvc.dll" [file not found]}
Remote Procedure Call (RPC), RpcSs, "C:\windows\system32\svchost.exe -k rpcss" {"C:\windows\system32\rpcss.dll" [file not found]}
RPC Endpoint Mapper, RpcEptMapper, "C:\windows\system32\svchost.exe -k RPCSS" {"C:\windows\System32\RpcEpMap.dll" [file not found]}
Security Accounts Manager, SamSs, "C:\windows\system32\lsass.exe" [file not found]
Security Center, wscsvc, "C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\windows\System32\wscsvc.dll" [file not found]}
Server, LanmanServer, "C:\windows\system32\svchost.exe -k netsvcs" {"C:\windows\system32\srvsvc.dll" [file not found]}
Superfetch, SysMain, "C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\windows\system32\sysmain.dll" [file not found]}
taisregispinger, taisregispinger, "C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe" [null data]
Task Scheduler, Schedule, "C:\windows\system32\svchost.exe -k netsvcs" {"C:\windows\system32\schedsvc.dll" [file not found]}
TCP/IP NetBIOS Helper, lmhosts, "C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\windows\System32\lmhsvc.dll" [file not found]}
Themes, Themes, "C:\windows\System32\svchost.exe -k netsvcs" {"C:\windows\system32\themeservice.dll" [file not found]}
TOSHIBA eco Utility Service, TOSHIBA eco Utility Service, ""C:\Program Files\TOSHIBA\TECO\TecoService.exe"" ["TOSHIBA Corporation"]
TOSHIBA HDD Protection, Thpsrv, "C:\windows\system32\ThpSrv.exe" [file not found]
Toshiba Laptop Checkup Application Launcher, Norton PC Checkup Application Launcher, "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe /s" ["Symantec Corporation"]
TOSHIBA Optical Disc Drive Service, TODDSrv, "C:\Windows\system32\TODDSrv.exe" [file not found]
TOSHIBA Power Saver, TosCoSrv, ""C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"" ["TOSHIBA Corporation"]
User Profile Service, ProfSvc, "C:\windows\system32\svchost.exe -k netsvcs" {"C:\windows\system32\profsvc.dll" [file not found]}
Windows Audio, AudioSrv, "C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\windows\System32\Audiosrv.dll" [file not found]}
Windows Audio Endpoint Builder, AudioEndpointBuilder, "C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\windows\System32\Audiosrv.dll" [file not found]}
Windows Defender, WinDefend, "C:\windows\System32\svchost.exe -k secsvcs" {"C:\Program Files (x86)\Windows Defender\mpsvc.dll" [file not found]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\windows\System32\WUDFSvc.dll" [file not found]}
Windows Event Log, eventlog, "C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\windows\System32\wevtsvc.dll" [file not found]}
Windows Firewall, MpsSvc, "C:\windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\windows\system32\mpssvc.dll" [file not found]}
Windows Font Cache Service, FontCache, "C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\windows\system32\FntCache.dll" [file not found]}
Windows Image Acquisition (WIA), stisvc, "C:\windows\system32\svchost.exe -k imgsvc" {"C:\windows\System32\wiaservc.dll" [file not found]}
Windows Management Instrumentation, Winmgmt, "C:\windows\system32\svchost.exe -k netsvcs" {"C:\windows\system32\wbem\WMIsvc.dll" [file not found]}
Windows Update, wuauserv, "C:\windows\system32\svchost.exe -k netsvcs" {"C:\windows\system32\wuaueng.dll" [file not found]}
WLAN AutoConfig, Wlansvc, "C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\windows\System32\wlansvc.dll" [file not found]}
Workstation, LanmanWorkstation, "C:\windows\System32\svchost.exe -k NetworkService" {"C:\windows\System32\wkssvc.dll" [file not found]}
Yahoo! Updater, YahooAUService, ""C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"" ["Yahoo! Inc."]
خدمة HP CUE DeviceDiscovery (الكشف على أجهزة CUE لـ HP), hpqddsvc, "C:\windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}

Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> "UpperFilters" = <<!>> "kbdclass" [file not found]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
hpf3l70v.dll\Driver = "hpf3l70v.dll" [file not found]
hpfll70v.dll\Driver = "hpfll70v.dll" [file not found]
Local Port\Driver = "localspl.dll" [file not found]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [file not found]
Standard TCP/IP Port\Driver = "tcpmon.dll" [file not found]
Toshiba Bluetooth Monitor\Driver = "tbtmon.dll" [file not found]
USB Monitor\Driver = "usbmon.dll" [file not found]
WSD Port\Driver = "WSDMon.dll" [file not found]

---------- (launch time: 2012-04-04 10:01:18)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 83 seconds, including 19 seconds for message boxes)

وما ادري إذا هو او لا ..مضيع من كثرة التقارير :d:

format · 4 أبريل 2012

اعمل فحص ببرنامج

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

المترقب · 4 أبريل 2012

شكراً على ردك السريع يا بطل
وهذا هو التقرير
ويظهر إن الجهاز مافي شي مصاب
Malwarebytes Anti-Malware (PRO) 1.60.1.1000

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

نسخة قاعدة البيانات : v2012.04.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TOSHIBA :: TOSHIBA-PC [مدير]

الحماية: معطلة

04/04/2012 10:49:13 ص
mbam-log-2012-04-04 (10-49-13).txt

نوع الفحص : فحص سريع
خيارت الفحص الممكنة: الذاكرة | بدء التشغيل | الريجستري | نظام الملفات | أساليب بحثية/غير ذلك | Shuriken/أساليب بحثية | PUP | PUM
خيارات الفحص المعطلة: P2P
الكائنات المفحوصة : 192295
الوقت المنقضي : 2 دقيقة,

عمليات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)

وحدات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)

مفاتيح الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

قيم الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

مواد بيانات الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)

المجلدات المصابة : 0
(لم يتم إكتشاف مواد ضارة)

الملفات المصابة : 0
(لم يتم إكتشاف مواد ضارة)

(و)

بس طمني لأني ماني واثق بجهازي والله :er:

format · 4 أبريل 2012

لاتخاف اطمئن مافي اشئ يالغالي ..
هل تبقى اشئ ثاني ؟

المترقب · 4 أبريل 2012

مشكوووووووووووووووووووووور يا حلوو

وربي يجزاك الجنة خيوو فورمات
وبالتوفييييييييييييييييييييييق..~

format · 4 أبريل 2012

امين وياك يارب
يغلق

تم حل المشكلة هل جهازي فيه ملفات تجسس او مخترق

المترقب

زيزوومي جديد

المترقب

زيزوومي جديد

format

زيزوومي ماسى

توقيع : format

المترقب

زيزوومي جديد

format

زيزوومي ماسى

توقيع : format

المترقب

زيزوومي جديد

format

زيزوومي ماسى

توقيع : format