تم حل المشكلة فتحت رابط ولما فحصت الجهاز لقيت اللون أحمر !!

ولد الناس · 25 مايو 2012

الإخوة خبراء الصيانة المحترمين

السلام عليكم ورحمة الله وبركاته

جائني هذا الرابط

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وفتحته ولما دخلت صفحة اللي أرسله لقيته مسوي تحذير واعتذار أن جهازه صار

يرسل رسائل مشبوهة ويحذر من فتحها .

فدخلت هذا الموقع :

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

وعملت فحص للجهاز وكانت النتيجة كما في الصورة :

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

حاولت أقفل الثغرات والبورتات ماقفلت معاي

ولد الناس · 25 مايو 2012

تقرير الهايجك

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:33:20 ص, on 25/05/12
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\The Cleaner\tcap.exe
C:\Users\m\AppData\Local\Smartbar\Application\Smartbar.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Mobily Connect Card\Mobily Connect Card.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Zyzoom_Forum_Tools\zHijak.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Messenger Plus! Community SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: مساعد تسجيل الدخول إلى معرف Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {f78a8f02-19ee-4de8-8ea7-6138e8b524f4} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Browser companion helper] C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne
O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~2\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.38.1042\Badoo.Desktop.exe
O4 - HKCU\..\Run: [tcactive] C:\Program Files (x86)\The Cleaner\tcap.exe
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\m\AppData\Local\Smartbar\Application\Smartbar.exe startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: alkasir.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {8246AC2B-4733-4964-A744-4BE60C6731D4} (IMS Control) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) -

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

O17 - HKLM\System\CCS\Services\Tcpip\..\{63969F70-4621-4525-8325-C886096B1DB5}: NameServer = 86.51.35.24 86.51.34.24
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\Windows\SysWOW64\ChgService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 16864 bytes

ولد الناس · 25 مايو 2012

====== معلومات نظام التشغيل ======
X64 WIN_7 7601 Service Pack 1

====== قائمة البرامج المثبتة ======
ACDSee 10 Photo Manager
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 9.5.1 MUI
Alcor Micro USB Card Reader
Alcor Micro USB Card Reader
Alice Greenfingers
Androsa FileProtector
Ashampoo Burning Studio 9.03
ASUS AI Recovery
ASUS AP Bank
ASUS CopyProtect
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Video Magic
ASUS Virtual Camera
ASUS_N_Series_Screensaver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
av6 1.00
Avant Browser (remove only)
avast! Internet Security
Bing Bar
Boxoft Screen OCR
BrowserCompanion
BugOff 1.10
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ccc-core-static
Centra Client
Chicken Invaders 2
Compatibility Pack for the 2007 Office system
ControlDeck
CyberLink LabelPrint
CyberLink LabelPrint
CyberLink MediaShow Espresso
CyberLink MediaShow Espresso
CyberLink Power2Go
CyberLink Power2Go
CyberLink PowerDVD 9
CyberLink PowerDVD 9
D3DX10
Dream Day Wedding Married in Manhattan
Express Gate
Game Park Console
GOM Player
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 6 Update 3
Java(TM) 6 Update 31
Junk Mail filter update
Malwarebytes Anti-Malware النسخة 1.61.0.1400
Mesh Runtime
Messenger Companion
Messenger Plus! 5
Messenger Plus! Community Smartbar
MessengerPlusLive Saudi Arabia TB Toolbar
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobily Connect Card
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
NEC Electronics USB 3.0 Host Controller Driver
NEC Electronics USB 3.0 Host Controller Driver
Panda ActiveScan 2.0
Piggly FREE
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.91
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Smileyville FREE
The Cleaner 2012
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinMend System Doctor 1.5.8
WinRAR archiver
Wireless Console 3
بريد Windows Live
حزمة التوافق لنظام Office 2007
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
معرض صور Windows Live

ولد الناس · 25 مايو 2012

"Silent Runners.vbs", revision 61,

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Operating System: Windows 7 SP1
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background" [MS]
"Update Service" = "C:\PROGRA~2\COMMON~1\TEKNUM~1\update.exe /startup" ["Teknum Systems AS"]
"Badoo Desktop" = "C:\ProgramData\Badoo\Badoo Desktop\1.6.38.1042\Badoo.Desktop.exe" [file not found]
"tcactive" = "C:\Program Files (x86)\The Cleaner\tcap.exe" ["MooSoft Development LLC"]
"Browser Infrastructure Helper" = "C:\Users\m\AppData\Local\Smartbar\Application\Smartbar.exe startup" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MDS_Menu" = ""C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"" ["CyberLink Corp."]
"RemoteControl9" = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"" ["CyberLink Corp."]
"PDVD9LanguageShortcut" = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"" ["CyberLink Corp."]
"UpdatePSTShortCut" = ""C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"" ["CyberLink Corp."]
"UpdateLBPShortCut" = ""C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"" ["CyberLink Corp."]
"UpdateP2GoShortCut" = ""C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"" ["CyberLink Corp."]
"StartCCC" = ""C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."]
"NUSB3MON" = ""C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"" ["NEC Electronics Corporation"]
"HControlUser" = "C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe" ["ASUS"]
"ATKOSD2" = "C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" ["ASUS"]
"ATKMEDIA" = "C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe" ["ASUS"]
"Adobe ARM" = ""C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]
"Adobe Reader Speed Launcher" = ""C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"avast" = ""C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui" ["AVAST Software"]
"Browser companion helper" = "C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne" ["Blabbers Communications LTD"]
"PlusService" = "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" ["Yuna Software"]
"TkBellExe" = ""c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = ""C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"Malwarebytes' Anti-Malware" = ""C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray" ["Malwarebytes Corporation"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00cbb66b-1d3b-46d3-9577-323a336acb50}\(Default) = "script helper for ie"
-> {HKLM...CLSID} = "Browser Companion Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\BrowserCompanion\jsloader.dll" [" "]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
\InProcServer32\(Default) = "C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll" ["RealPlayer"]
{31ad400d-1b06-4e33-a59a-90c2c140cba0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Messenger Plus! Community SmartbarEngine"
\InProcServer32\(Default) = "mscoree.dll" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
-> {HKLM...CLSID} = "avast! WebRep"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll" ["AVAST Software"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "مساعد تسجيل الدخول إلى معرف Windows Live"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{963B125B-8B21-49A2-A3A8-E37092276531}\(Default) = "Update Timer"
-> {HKLM...CLSID} = "Browser Companion Helper Verifier"
\InProcServer32\(Default) = "C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll" [" "]
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Messenger Companion Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Companion\companioncore.dll" [MS]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\(Default) = "Google Dictionary Compression sdch"
-> {HKLM...CLSID} = "Google Dictionary Compression sdch"
\InProcServer32\(Default) = "C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll" ["Google Inc."]
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Bing Bar Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" ["لإَّ‎Mïçr*s*ft Côrpôr*tï**. _*¯* _*¯* لإَّ" (unwritable string)]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{0C0F74CC-F421-48E5-8C6F-BCD0D7CA141D}" = "Androsa FileProtector"
-> {HKLM...CLSID} = "Androsa FileProtector"
\InProcServer32\(Default) = "C:\PROGRA~2\ANDROS~1\ANDROS~1\tools\ShExt.dll" ["AndrosaSoft©"]
"{03B54A4E-A635-418E-81FC-CF60CBB141AA}" = "SimpleShlExt extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Folder Lock 6\FLContextMenu.dll" ["NewSoftwares.net, Inc."]
"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "c:\program files (x86)\real\realplayer\rpshell.dll" ["RealNetworks, Inc."]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> ("livessp" [MS]) "Security Packages" = "kerberos"|"msv1_0"|"schannel"|"wdigest"|"tspkg"|"pku2u"|"livessp"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\(Default) = "VaultCredProvider"
-> {HKLM...CLSID} = "VaultCredProvider"
\InProcServer32\(Default) = "C:\Windows\System32\VaultCredProvider.dll" [file not found]
{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider"
-> {HKLM...CLSID} = "WLIDCredentialProvider"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDCredProv.DLL" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> about\CLSID = "{3050F406-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML About Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]
<<!>> base64\CLSID = "{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}"
-> {HKLM...CLSID} = "CTData Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll" ["Blabbers Communications Ltd"]
<<!>> cdl\CLSID = "{3dd53d40-7b8b-11D0-b013-00aa0059ce02}"
-> {HKLM...CLSID} = "CDL: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> chrome\CLSID = "{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}"
-> {HKLM...CLSID} = "CTData Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll" ["Blabbers Communications Ltd"]
<<!>> dvd\CLSID = "{12D51199-0DB5-46FE-A120-47A3D7D937CC}"
-> {HKLM...CLSID} = "DVD: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]
<<!>> file\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> ftp\CLSID = "{79eac9e3-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "ftp: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> http\CLSID = "{79eac9e2-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "http: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> https\CLSID = "{79eac9e5-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "https: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> javascript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]
<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll" [MS]
<<!>> local\CLSID = "{79eac9e7-baf9-11ce-8c82-00aa004ba90b}"
-> {HKLM...CLSID} = "file:, local: Asychronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\urlmon.dll" [MS]
<<!>> mailto\CLSID = "{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Mailto Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]
<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll" [MS]
<<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}"
-> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]
<<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}"
-> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler"
\InProcServer32\(Default) = "C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS]
<<!>> prox\CLSID = "{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}"
-> {HKLM...CLSID} = "CTData Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll" ["Blabbers Communications Ltd"]
<<!>> res\CLSID = "{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Resource Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]
<<!>> tv\CLSID = "{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}"
-> {HKLM...CLSID} = "TV: Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\msvidctl.dll" [MS]
<<!>> vbscript\CLSID = "{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}"
-> {HKLM...CLSID} = "Microsoft HTML Javascript Pluggable Protocol"
\InProcServer32\(Default) = "C:\Windows\SysWOW64\mshtml.dll" [MS]
<<!>> wlmailhtml\CLSID = "{03C514A3-1EFB-4856-9F99-10D7BE1653C0}"
-> {HKLM...CLSID} = "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll" [MS]
<<!>> wlpg\CLSID = "{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}"
-> {HKLM...CLSID} = "Album Download IE Asynchronous Pluggable Protocol Interface"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll" [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Androsa FileProtector\(Default) = "{0C0F74CC-F421-48E5-8C6F-BCD0D7CA141D}"
-> {HKLM...CLSID} = "Androsa FileProtector"
\InProcServer32\(Default) = "C:\PROGRA~2\ANDROS~1\ANDROS~1\tools\ShExt.dll" ["AndrosaSoft©"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]
SharedMenuHandler\(Default) = "{916F1ADF-2F02-46C2-B7D2-310468390750}"
-> {HKLM...CLSID} = "Shared Shell Menu Handler"
\InProcServer32\(Default) = "ssmenu.dll" [** WMI GetObject error **]
SimpleShlExt\(Default) = "{03B54A4E-A635-418E-81FC-CF60CBB141AA}"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Folder Lock 6\FLContextMenu.dll" ["NewSoftwares.net, Inc."]
WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
00avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
Androsa FileProtector\(Default) = "{0C0F74CC-F421-48E5-8C6F-BCD0D7CA141D}"
-> {HKLM...CLSID} = "Androsa FileProtector"
\InProcServer32\(Default) = "C:\PROGRA~2\ANDROS~1\ANDROS~1\tools\ShExt.dll" ["AndrosaSoft©"]
SharedMenuHandler\(Default) = "{916F1ADF-2F02-46C2-B7D2-310468390750}"
-> {HKLM...CLSID} = "Shared Shell Menu Handler"
\InProcServer32\(Default) = "ssmenu.dll" [** WMI GetObject error **]
SimpleShlExt\(Default) = "{03B54A4E-A635-418E-81FC-CF60CBB141AA}"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Folder Lock 6\FLContextMenu.dll" ["NewSoftwares.net, Inc."]
WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\ashShell.dll" ["AVAST Software"]
WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
WinRAR32\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files (x86)\WinRAR\rarext.dll" ["Alexander Roshal"]

Default executables:
--------------------
HKLM\SOFTWARE\Classes\.hta\(Default) = "htafile"
<<!>> HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = "C:\Windows\SysWOW64\mshta.exe "%1" %*" [MS]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoActiveDesktopChanges" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"ForceActiveDesktopOn" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\m\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"

Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
ACDSee100AcquirePicturesOnArrival\
"Provider" = "ACDSee 10 Photo Manager"
"InvokeProgID" = "ACDSee 10.0.AutoPlayHandlerAcquire"
"InvokeVerb" = "Acquire"
HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandlerAcquire\shell\Acquire\command\(Default) = ""C:\Program Files (x86)\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" /detect:%1" ["ACD Systems"]
ACDSee100AcquireVideoFilesOnArrival\
"Provider" = "ACDSee 10 Photo Manager"
"InvokeProgID" = "ACDSee 10.0.AutoPlayHandlerAcquire"
"InvokeVerb" = "Acquire"
HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandlerAcquire\shell\Acquire\command\(Default) = ""C:\Program Files (x86)\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" /detect:%1" ["ACD Systems"]
ACDSee100PlayVideoFilesOnArrival\
"Provider" = "ACDSee 10 Photo Manager"
"InvokeProgID" = "ACDSee 10.0.AutoPlayHandler"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files (x86)\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1"" ["ACD Systems"]
ACDSee100ShowPicturesOnArrival\
"Provider" = "ACDSee 10 Photo Manager"
"InvokeProgID" = "ACDSee 10.0.AutoPlayHandler"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files (x86)\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1"" ["ACD Systems"]
ASHAshampoo_Burning_Studio_9BURNONARRIVAL\
"Provider" = "Ashampoo Burning Studio 9"
"InvokeProgID" = "Ashampoo.BurningStudio9"
"InvokeVerb" = "autoplay-burn"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio9\shell\autoplay-burn\Command\(Default) = ""C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 9\burningstudio9.exe" -autoplay -selectdrive "%l"" ["Ashampoo"]
ASHAshampoo_Burning_Studio_9COPYONARRIVAL\
"Provider" = "Ashampoo Burning Studio 9"
"InvokeProgID" = "Ashampoo.BurningStudio9"
"InvokeVerb" = "autoplay-copy"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio9\shell\autoplay-copy\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 9\burningstudio9.exe" -autoplay -selectdrive "%l" -copy" [file not found]
ASHAshampoo_Burning_Studio_9RIPONARRIVAL\
"Provider" = "Ashampoo Burning Studio 9"
"InvokeProgID" = "Ashampoo.BurningStudio9"
"InvokeVerb" = "autoplay-rip"
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio9\shell\autoplay-rip\Command\(Default) = ""C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 9\burningstudio9.exe" -autoplay -selectdrive "%l" -rip" ["Ashampoo"]
GOMPlayDVDOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.DVD"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.DVD\shell\open\command\(Default) = ""C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe" /open "%1"" ["Gretech Corp."]
GOMPlayMediaOnArrival\
"Provider" = "GOM Player"
"InvokeProgID" = "GomPlayer.MediaFile"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\command\(Default) = ""C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe" /open "%1"" ["Gretech Corp."]
HKLM\SOFTWARE\Classes\GomPlayer.MediaFile\shell\open\DropTarget\CLSID = "{D0F0AD6B-ECCC-401E-8E71-C4363D41399C}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""C:\PROGRA~2\GRETECH\GOMPLA~1\GOM.exe"" ["Gretech Corp."]
MSLivePhotoAcqHWEventHandler\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]
MSLivePhotoAcquireDropHandler\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
MSLiveShowPicturesOnArrival\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
MSLiveVideoCameraArrivalCaptureWizard\
"Provider" = "@%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10"
"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"
"InitCmdLine" = "WLXVideoAcquireWizard"
HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"
-> {HKLM...CLSID} = "WLXWEventHandler Class"
\LocalServer32\(Default) = ""C:\Program Files (x86)\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]
P2GCDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "BlankCD"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L"" ["CyberLink Corp."]
P2GDVDBurningOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "BlankDVD"
"InvokeVerb" = "OpenWithPower2Go"
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = ""C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L"" ["CyberLink Corp."]
PDVD9PlayCDAudioOnArrival\
"Provider" = "PowerDVD 9"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD9"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD9\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]
PDVD9PlayDVDMovieOnArrival\
"Provider" = "PowerDVD 9"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD9"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD9\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]
PDVD9PlaySVCDOnArrival\
"Provider" = "PowerDVD 9"
"InvokeProgID" = "SVCD"
"InvokeVerb" = "PlayWithPowerDVD9"
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD9\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]
PDVD9PlayVCDMovieOnArrival\
"Provider" = "PowerDVD 9"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD9"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD9\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVDLaunchPolicy.exe" "%L"" ["CyberLink Corp."]
Power2GoPlayCDAudioOnArrival\
"Provider" = "Power2Go"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPower2Go"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = ""C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L"" ["CyberLink Corp."]
PStarterBlankCDArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "BlankCD"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
PStarterDVDBurningOnArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "BlankDVD"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
PStarterMixedCDArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "MixedContent"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
PStarterMusicFilesArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "MusicFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
PStarterPicturesArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
PStarterVideoFilesArrival\
"Provider" = "ASUS Video Magic"
"InvokeProgID" = "VideoFiles"
"InvokeVerb" = "OpenWithPowerStarter"
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = ""C:\Program Files (x86)\Cyberlink\DVD Suite\PowerStarter.exe" "%L"" ["CyberLink"]
RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]
RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""c:\program files (x86)\real\realplayer\Update\realsched.exe" -autoplay" ["RealNetworks, Inc."]
RPDVDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]
RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]
RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]
RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""c:\program files (x86)\real\realplayer\\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]
WIA_{7D704716-C203-4914-BF5E-1A9206E06B5F}\
"Provider" = "ACDSee 10.0"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;start ACDSeeQV10.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

Startup items in "m" & "All Users" startup folders:
---------------------------------------------------
C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"alkasir" -> shortcut to: "C:\Users\m\AppData\Roaming\Microsoft\Installer\{4B1F9BA3-B6D8-4F86-8916-3BA109D53E90}\_46559460866309FC7F1983.exe" [file not found]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Bluetooth" -> shortcut to: "C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe" [file not found]
"FancyStart daemon" -> shortcut to: "C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe -d" [null data]
"SRS Premium Sound" -> shortcut to: "C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h" ["Acresso Software Inc."]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000008\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
000000000009\LibraryPath = "C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}" = (no title provided)
-> {HKLM...CLSID} = "avast! WebRep"
\InProcServer32\(Default) = "C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll" ["AVAST Software"]
"{AE07101B-46D4-4A98-AF68-0333EA26E113}" = "Smartbar"
-> {HKLM...CLSID} = "Messenger Plus! Community Smartbar"
\InProcServer32\(Default) = "mscoree.dll" [MS]
"{8DCB7100-DF86-4384-8842-8FA844297B3F}" = "Bing"
-> {HKLM...CLSID} = "Bing Bar"
\InProcServer32\(Default) = ""C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"" ["لإَّ‎Mïçr*s*ft Côrpôr*tï**. _*¯* _*¯* لإَّ" (unwritable string)]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\(Default) = "Messenger Plus! Community Smartbar"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "mscoree.dll" [MS]
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&بحث"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{0000036B-C524-4050-81A0-243669A86B9F}\
"ButtonText" = "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600"
"CLSIDExtension" = "{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3}"
-> {HKLM...CLSID} = "Windows Live Messenger Companion Command Bar Button"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Companion\companioncore.dll" [MS]
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
"ButtonText" = "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004"
"MenuText" = "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003"
"CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}"
-> {HKLM...CLSID} = "BlogThisToolbarButton Class"
\InProcServer32\(Default) = "C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll" [MS]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "بحث"

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AFBAgent, AFBAgent, ""C:\Windows\system32\FBAgent.exe"" [file not found]
AMD External Events Utility, AMD External Events Utility, "C:\Windows\system32\atiesrxx.exe" [file not found]
Application Experience, AeLookupSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\aelupsvc.dll" [file not found]}
Application Information, Appinfo, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\appinfo.dll" [file not found]}
ASLDR Service, ASLDRService, "C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe" ["ASUS"]
ATKGFNEX Service, ATKGFNEXSrv, "C:\Program Files\ATKGFNEX\GFNEXSrv.exe" [null data]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\AVAST Software\Avast\AvastSvc.exe"" ["AVAST Software"]
avast! Firewall, avast! Firewall, ""C:\Program Files\AVAST Software\Avast\afwServ.exe"" ["AVAST Software"]
Background Intelligent Transfer Service, BITS, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\qmgr.dll" [file not found]}
Base Filtering Engine, BFE, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\System32\bfe.dll" [file not found]}
BBUpdate, BBUpdate, "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe" ["Microsoft Corporation."]
Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe" ["Broadcom Corporation."]
Bluetooth Support Service, bthserv, "C:\Windows\system32\svchost.exe -k bthsvcs" {"C:\Windows\system32\bthserv.dll" [file not found]}
Change Modem Device Service, Change Modem Device Service, ""C:\Windows\SysWOW64\ChgService.exe" -service" [null data]
CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [file not found]
Computer Browser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [file not found]}
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"" [empty string]
DCOM Server Process Launcher, DcomLaunch, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\rpcss.dll" [file not found]}
Desktop Window Manager Session Manager, UxSms, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\uxsms.dll" [file not found]}
Diagnostic Policy Service, DPS, "C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\dps.dll" [file not found]}
Distributed Link Tracking Client, TrkWks, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\trkwks.dll" [file not found]}
DNS Client, Dnscache, "C:\Windows\system32\svchost.exe -k NetworkService" {"C:\Windows\System32\dnsrslvr.dll" [file not found]}
Encrypting File System (EFS), EFS, "C:\Windows\System32\lsass.exe" [file not found]
Extensible Authentication Protocol, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [file not found]}
Function Discovery Resource Publication, FDResPub, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\system32\fdrespub.dll" [file not found]}
Group Policy Client, gpsvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\System32\gpsvc.dll" [file not found]}
Intel(R) Management & Security Application User Notification Service, UNS, ""C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"" ["Intel Corporation"]
Intel(R) Management and Security Application Local Management Service, LMS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" ["Intel Corporation"]
IP Helper, iphlpsvc, "C:\Windows\System32\svchost.exe -k NetSvcs" {"C:\Windows\System32\iphlpsvc.dll" [file not found]}
IPsec Policy Agent, PolicyAgent, "C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted" {"C:\Windows\System32\ipsecsvc.dll" [file not found]}
MBAMService, MBAMService, ""C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]
Network Connections, Netman, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\netman.dll" [file not found]}
Network Location Awareness, NlaSvc, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\nlasvc.dll" [file not found]}
Network Store Interface Service, nsi, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\nsisvc.dll" [file not found]}
Plug and Play, PlugPlay, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\umpnpmgr.dll" [file not found]}
Portable Device Enumerator Service, WPDBusEnum, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\wpdbusenum.dll" [file not found]}
Power, Power, "C:\Windows\system32\svchost.exe -k DcomLaunch" {"C:\Windows\system32\umpo.dll" [file not found]}
Print Spooler, Spooler, "C:\Windows\System32\spoolsv.exe" [file not found]
Program Compatibility Assistant Service, PcaSvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\pcasvc.dll" [file not found]}
Remote Access Connection Manager, RasMan, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\rasmans.dll" [file not found]}
Remote Procedure Call (RPC), RpcSs, "C:\Windows\system32\svchost.exe -k rpcss" {"C:\Windows\system32\rpcss.dll" [file not found]}
RPC Endpoint Mapper, RpcEptMapper, "C:\Windows\system32\svchost.exe -k RPCSS" {"C:\Windows\System32\RpcEpMap.dll" [file not found]}
Secure Socket Tunneling Protocol Service, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [file not found]}
Security Accounts Manager, SamSs, "C:\Windows\system32\lsass.exe" [file not found]
Security Center, wscsvc, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wscsvc.dll" [file not found]}
Server, LanmanServer, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\srvsvc.dll" [file not found]}
SSDP Discovery, SSDPSRV, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\System32\ssdpsrv.dll" [file not found]}
Superfetch, SysMain, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\sysmain.dll" [file not found]}
TCP/IP NetBIOS Helper, lmhosts, "C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\lmhsvc.dll" [file not found]}
Themes, Themes, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\system32\themeservice.dll" [file not found]}
User Profile Service, ProfSvc, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\profsvc.dll" [file not found]}
Windows Audio, AudioSrv, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Windows Audio Endpoint Builder, AudioEndpointBuilder, "C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\Audiosrv.dll" [file not found]}
Windows Backup, SDRSVC, "C:\Windows\system32\svchost.exe -k SDRSVC" {"C:\Windows\System32\SDRSVC.dll" [file not found]}
Windows Defender, WinDefend, "C:\Windows\System32\svchost.exe -k secsvcs" {"C:\Program Files (x86)\Windows Defender\mpsvc.dll" [file not found]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [file not found]}
Windows Event Log, eventlog, "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" {"C:\Windows\System32\wevtsvc.dll" [file not found]}
Windows Firewall, MpsSvc, "C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork" {"C:\Windows\system32\mpssvc.dll" [file not found]}
Windows Font Cache Service, FontCache, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\system32\FntCache.dll" [file not found]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [file not found]}
Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]
Windows Management Instrumentation, Winmgmt, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wbem\WMIsvc.dll" [file not found]}
Windows Update, wuauserv, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\wuaueng.dll" [file not found]}
WLAN AutoConfig, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [file not found]}
Workstation, LanmanWorkstation, "C:\Windows\System32\svchost.exe -k NetworkService" {"C:\Windows\System32\wkssvc.dll" [file not found]}

Keyboard Driver Filters:
------------------------
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> "UpperFilters" = <<!>> "kbdclass" [file not found]

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor4\Driver = "CNBLM4.DLL" [file not found]
HP 8811 Status Monitor\Driver = "hpinksts8811LM.dll" [file not found]
Local Port\Driver = "localspl.dll" [file not found]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [file not found]
Standard TCP/IP Port\Driver = "tcpmon.dll" [file not found]
USB Monitor\Driver = "usbmon.dll" [file not found]
WSD Port\Driver = "WSDMon.dll" [file not found]

---------- (launch time: 2012-05-25 05:39:23)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 40 seconds, including 6 seconds for message boxes)

ولد الناس · 25 مايو 2012

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
Windows Product ID: 00359-OEM-8992687-00007
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {502F0C43-3793-408F-95CC-E6C62DECC39A}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{502F0C43-3793-408F-95CC-E6C62DECC39A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-581258782-3237703517-1804534788</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc. </Manufacturer><Model>N61Ja</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>N61Ja.207</Version><SMBIOSVersion major="2" minor="6"/><Date>20100125000000.000000+000</Date></BIOS><HWID>F4003607018400FC</HWID><UserLCID>0401</UserLCID><SystemLCID>0401</SystemLCID><TimeZone>السعودية - التوقيت الرسمي(GMT+03:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110401-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73939-640-0000106-57544</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800007-02-1033-7600.0000-2092009
Installation ID: 094515530004096003920626926454320861632941507811153536
Processor Certificate URL:

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Machine Certificate URL:

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Use License URL:

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Product Key Certificate URL:

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Partial Product Key: 9YQTR
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 25/05/12 05:30:19 ص
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x80072EE7
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:24:2012 08:45
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: NAAAAAIAAQABAAEAAAACAAAABAABAAEA6GF0l81QEmn6QhpeYLZiPWaeICfqWnp9agtcXQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC _ASUS_ Notebook
FACP _ASUS_ Notebook
DBGP _ASUS_ Notebook
HPET _ASUS_ Notebook
MCFG _ASUS_ Notebook
ECDT _ASUS_ Notebook
SLIC _ASUS_ Notebook
SSDT PmRef CpuPm
DMAR INTEL CP_DALE

ولد الناس · 25 مايو 2012

Malwarebytes Anti-Malware 1.61.0.1400

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

نسخة قاعدة البيانات : v2012.05.25.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
m :: MM-PC [مدير]
الحماية: ممكنة
04/07/33 06:33:00 ص
mbam-log-2012-05-25 (06-33-00).txt
نوع الفحص : فحص كامل
خيارت الفحص الممكنة: الذاكرة | بدء التشغيل | الريجستري | نظام الملفات | أساليب بحثية/غير ذلك | Shuriken/أساليب بحثية | PUP | PUM
خيارات الفحص المعطلة: P2P
الكائنات المفحوصة : 364664
الوقت المنقضي : 54 دقيقة, 28 ثانية
عمليات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)
وحدات الذاكرة المصابة : 0
(لم يتم إكتشاف مواد ضارة)
مفاتيح الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)
قيم الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)
مواد بيانات الريجستري المصابة : 0
(لم يتم إكتشاف مواد ضارة)
المجلدات المصابة : 0
(لم يتم إكتشاف مواد ضارة)
الملفات المصابة : 0
(لم يتم إكتشاف مواد ضارة)
(و)

كفاح الجريح · 25 مايو 2012

احذف الاتي
MessengerPlusLive Saudi Arabia TB Toolbar

الوفاء طبعي · 26 مايو 2012

من اضافة وازالة البرامج احذف التالي

قبل الحذف اغلق جميع المتصفحات

Bing Bar
Google Toolbar for Internet Explorer
Google Update Helper
Panda ActiveScan 2.0

بعدها اعد تشغيل الجهاز وافحص الجهاز بهذا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

ولد الناس · 26 مايو 2012

كفاح الجريح قال:
احذف الاتي
MessengerPlusLive Saudi Arabia TB Toolbar

أشكرك أخي الكريم كفاح على حضورك واهتمامك

تم الحذف أخي

تحياتي وتقديري وشكري لك

ولد الناس · 26 مايو 2012

الوفاء طبعي قال:
من اضافة وازالة البرامج احذف التالي

قبل الحذف اغلق جميع المتصفحات

Bing Bar
Google Toolbar for Internet Explorer
Google Update Helper
Panda ActiveScan 2.0

بعدها اعد تشغيل الجهاز وافحص الجهاز بهذا

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

أخي الموقر الوفاء طبعي

لك من الشكر أجزله ومن التقدير أعظمه ومن الدعاء أصدقه على تكرمك بالحضور

وتفضلك بالتوجيه .

أستاذي تم حذف جميع ماذكرت ماعدا ( Google Update Helper ) مالقيتها

وتم فحص الجهاز بواسطة البرنامج الذي ذكرت وسأضع التقرير في المشاركة اللاحقة

تحياتي وتقديري واحترامي وشكري لك

ولد الناس · 26 مايو 2012

SUPERAntiSpyware Scan Log

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Generated 05/26/2012 at 01:25 AM
Application Version : 5.0.1150
Core Rules Database Version : 8649
Trace Rules Database Version: 6461
Scan type : Complete Scan
Total Scan Time : 00:51:16
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 728
Memory threats detected : 0
Registry items scanned : 66504
Registry threats detected : 0
File items scanned : 58942
File threats detected : 11
Adware.Tracking Cookie
C:\USERS\M\AppData\Roaming\Microsoft\Windows\Cookies\CKY69NGO.txt [ Cookie:m@clkads.com/adServe ]
C:\USERS\M\AppData\Roaming\Microsoft\Windows\Cookies\07S0IZ01.txt [ Cookie:m@clkads.com/adServe/static/ ]
C:\USERS\M\AppData\Roaming\Microsoft\Windows\Cookies\Low\XDM4EWJD.txt [ Cookie:m@mediafire.com/ ]
C:\USERS\M\AppData\Roaming\Microsoft\Windows\Cookies\Low\WWR3E19G.txt [ Cookie:m@statcounter.com/ ]
C:\USERS\M\AppData\Roaming\Microsoft\Windows\Cookies\Low\4ZLZK3DN.txt [ Cookie:m@tradefx.advertserve.com/ ]
C:\USERS\M\AppData\Roaming\Microsoft\Windows\Cookies\Low\B4TZEML2.txt [ Cookie:m@accounts.google.com/ ]
C:\USERS\M\AppData\Roaming\Microsoft\Windows\Cookies\Low\AWKH6BR3.txt [ Cookie:m@account.norton.com/ ]
C:\USERS\M\AppData\Roaming\Microsoft\Windows\Cookies\Low\02XBE52K.txt [ Cookie:m@yadro.ru/ ]
C:\USERS\M\AppData\Roaming\Microsoft\Windows\Cookies\Low\CL27MOBT.txt [ Cookie:m@lucidmedia.com/ ]
C:\USERS\M\Cookies\CKY69NGO.txt [ Cookie:m@clkads.com/adServe ]
C:\USERS\M\Cookies\07S0IZ01.txt [ Cookie:m@clkads.com/adServe/static/ ]

ولد الناس · 26 مايو 2012

عملت فحص جديد ووجد البرنامج 4 فايروسات :

××××××××××××××××××××××××××

SUPERAntiSpyware Scan Log

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

Generated 05/26/2012 at 04:32 AM
Application Version : 5.0.1150
Core Rules Database Version : 8649
Trace Rules Database Version: 6461
Scan type : Complete Scan
Total Scan Time : 00:52:23
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 724
Memory threats detected : 0
Registry items scanned : 66530
Registry threats detected : 0
File items scanned : 59121
File threats detected : 4
Adware.Tracking Cookie
C:\USERS\M\AppData\Roaming\Microsoft\Windows\Cookies\OFG8PJPF.txt [ Cookie:m@clkads.com/adServe ]
C:\USERS\M\AppData\Roaming\Microsoft\Windows\Cookies\U0BTDONA.txt [ Cookie:m@clkads.com/adServe/static/ ]
C:\USERS\M\Cookies\OFG8PJPF.txt [ Cookie:m@clkads.com/adServe ]
C:\USERS\M\Cookies\U0BTDONA.txt [ Cookie:m@clkads.com/adServe/static/ ]

كفاح الجريح · 26 مايو 2012

طيب الجهاز نظيف ان شاء الله
لتصليح اخطاء الريجستري
استعمل برنامج ashampoo optimizer
ولتنظيف الجهاز من الملفات الزائدة ccleaner

ولد الناس · 27 مايو 2012

كفاح الجريح قال:
طيب الجهاز نظيف ان شاء الله
لتصليح اخطاء الريجستري
استعمل برنامج ashampoo optimizer
ولتنظيف الجهاز من الملفات الزائدة ccleaner

أشكرك أخي الموقر كفاح على كريم اهتمامك وجميل متابعتك وعظيم حرصك

على تقديم المساعدة والتوجيه لي ولكل محتاج

وأسأل الله أن يوفقك ويحفظك ويجزيك خير الجزاء

سأقوم الآن بتحميل البرامج أعلاه

لدي سؤالين استاذي الفاضل :

# هل الرابط الذي وصلني وقمت بفتحه كان رابط اختراق ؟

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

# وهل جهازي كان مخترق ؟

تقبل جزيل شكري وعظيم تقديري وصادق تحياتي وفائق امتناني

كفاح الجريح · 27 مايو 2012

يظهر لي بان جهازك اريد اختراقه ولكن بفضل الله ومن ثم مضاد الفيروسات تم القضاء على الملفات المخترقة
وانا بخدمتك اخي الكريم

كفاح الجريح · 27 مايو 2012

خلي برنامج الحماية مفعل دائما
اي الحماية مفعلة
انصحك ببرنامج مثل avg
+ SUPERAntiSpyware
وان شاء الله راح تحميك من الروابط المشبوهه

ولد الناس · 27 مايو 2012

أخي الكريم الأستاذ كفاح

أشكرك شكراً يليق بشخصك الكريم وبجميل اهتمامك وعظيم حرصك

على إفادة ومساعدة كل محتاج وهذا والله إن دل فإنما يدل على أصالة

معدنك ونبل أخلاقك .

أستاذي الموقر :

آسف لإرهاقك معي

قمت الآن بفحص الجهاز في هذا الموقع :

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

والنقطة الحمراء لازالت موجودة

يجب عليك تسجيل الدخول او تسجيل لمشاهدة الرابط المخفي

فما هو الحل معها أستاذي الكريم

format · 27 مايو 2012

يالغالي جهازك سليم
لون الاحمر لايدل على انه جهازك مخترق ..
وبعدين لاانصحك ب هذه الموقع اصلا لاني ماأثق فيها ..
هذا والله الموفق الك
هل تبقى اشئ ثاني

ولد الناس · 27 مايو 2012

كفاح الجريح قال:
يظهر لي بان جهازك اريد اختراقه ولكن بفضل الله ومن ثم مضاد الفيروسات تم القضاء على الملفات المخترقة
وانا بخدمتك اخي الكريم

format قال:
يالغالي جهازك سليم

لون الاحمر لايدل على انه جهازك مخترق ..
وبعدين لاانصحك ب هذه الموقع اصلا لاني ماأثق فيها ..
هذا والله الموفق الك
هل تبقى اشئ ثاني

الله يسعدك ويوفقك ويبارك فيك ويرحم والديك

ريحتني الله يجزاك خير

أبقى أقووول :

أشكركم جميعاً لاهتمامكم وحرصكم وأسأل الله أن يجعل ذلك في موازين أعمالكم

ومهما شكرتكم فلن أوفيكم حقكم

تحيات وتقديري واحترامي لكم جميعاً

format · 27 مايو 2012

شكرا لدعوتك صادقة
بالتوفيق ..
ويعطيكم العافية شباب

زيزوومي نشيط

زيزوومي نشيط

زيزوومي نشيط

زيزوومي نشيط

زيزوومي نشيط

زيزوومي نشيط

زيزوومى فضى

توقيع : كفاح الجريح

زيزوومى فضى

توقيع : الوفاء طبعي

زيزوومي نشيط

زيزوومي نشيط

زيزوومي نشيط

زيزوومي نشيط

زيزوومى فضى

توقيع : كفاح الجريح

زيزوومي نشيط

زيزوومى فضى

توقيع : كفاح الجريح

زيزوومى فضى

توقيع : كفاح الجريح

زيزوومي نشيط

زيزوومي ماسى

توقيع : format

زيزوومي نشيط

زيزوومي ماسى

توقيع : format